Researchers discover public cloud data searchable through Google -- Government Computer News

Cloud services hacked via Google search

By GCN Staff
Nov 10, 2011

Researchers at Stach & Liu, a security consulting firm, have advised organizations against storing critical information on the public cloud until there are better intrusion detection systems available for cloud services, the Dark Reading website reports.

The firm made the recommendation after discovering that access codes and passwords to thousands of public cloud services could be found via a simple Google search. The firm first reported the results of their cloud services security research at the Hacker Halted conference in October in Miami, according to Dark Reading.

"It is not a good idea to put sensitive data out in the cloud right now -- at least not until there are intrusion-detection systems that would let users see these types of searches on their cloud services," Fran Brown, managing director of the firm, told Dark Reading.

FBI's hotel Wi-Fi warning: Don't talk to strange pop-ups05/11/2012
'No one would tolerate' Internet crime rates in physical world, FCC official says 03/29/2012
LulzSec Reborn? Military dating data dump may be work of reformed group03/29/2012
Malware Madness: Stuxnet, Nimda into the Final 4; who's next?03/23/2012
Search engine poisoning: How malicious sites fool your filters02/29/2012

Share this Page

Reader Comments

Mon, Nov 14, 2011

The title of this article is misleading. It has absolutely no bearing on any particular public cloud security. Any search engine could have been listed. You can do the same for on premise systems as well that are connected to the Internet and do not deploy security best practices. Making generic blanket statements is not good and leads to misinformation. Everyone does security differently when it comes to people, processes, and technology, so evaluate each based on its merits.

Mon, Nov 14, 2011 Sue

Fran should advise that in addition to intrusion detection systems, a "reverse content-aware firewall" needs to be in place as well.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)

Your Email:(optional)

Your Location:(optional)

Comment:

Please type the letters/numbers you see above

Related Podcasts

Related Webcasts

Related White Papers

More Resources

GCN eNewsletters

Editorial Webcasts

Cloud Computing: Ushering in the Next Wave of Data Center Consolidation
In this webcast, a government IT expert will explore the top considerations, operational requirements and policy challenges inherent to integrating new and legacy applications in the cloud. You will explore the pros and cons of adopting a public vs. private cloud model based on your specific security and operational requirements, as well as how you can fully leverage your cloud investment to achieve efficiency, collaboration and transparency needs. Read more

What is your e-mail address?

Do you have a password?

HOT TOPICS

Resource Center

Cloud services hacked via Google search

Related Articles

Share this Page

Reader Comments

Mon, Nov 14, 2011

Mon, Nov 14, 2011 Sue

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Anonymous claims theft of 1.7 G of data from DOJ

Army wants to train on its own private Internet

Android, Mac malware on rise, and beware mom-and-pop websites

Analysis of social site hack: Are risks too great for gov workers?

By land, by sea, by air: DOD looks to take mobile devices global