[Cialug] Access credentials for new cloud instances

Don Ellis don.ellis at gmail.com
Mon Jan 23 17:08:21 CST 2012


On Mon, Jan 23, 2012 at 4:58 PM, Zachary Kotlarek <zach at kotlarek.com> wrote:
>
> On Jan 23, 2012, at 2:23 PM, Thomas Kula wrote:
>
>> Ah, but the problem here is how do you know that the thing
>> you are now sshing into and are generating magic bits is
>> actually the thing you mean to be logging into and generating
>> magic bits? I.e. this isn't someone between you and your cloud
>> provider who's gotten your image and is making traffic for that
>> ip head over to this rogue image?
>
>
> That is a possible attack vector. And really they don't even need your image unless you've got secrets on it.
>
> But if you're going to extend your protection to "attackers that can convincingly impersonate interactive comm" you need to take it a lot further -- how do you know someone didn't hijack your Firefox download and add their own SSL CA? Or mangle your distro download to replace the SSH client with one that steals your secrets? Or mangle your GPG download to provide false validation for package signatures? Or mangle your gcc download to compile a backdoor into all your programs?
>
> My point is just that there are lots of tools/systems you probably already use that are subject to the same sort of attack, and I don't think there's any reason to believe that this particular service would be more susceptible to such an attack.
>
>        Zach

Zach, I agree. Just because it could happen doesn't mean it is likely.
Much more important to block the attacks that are most convenient and
most likely. For example, it's reasonable to put a deadbolt lock on
your house door (and use it) and a club on your car. There are ways to
bypass either of them, but most attackers are likely to move on to
another victim rather than bother with attacking you. And, someone has
mentioned that if you have reasonable security on your system, it is
often much easier to physically attack the person to get a required
secret than to try to attack the system. Rubber hose attack vectors
are much faster and more effective than most systems available to
script kiddies, especially when the system has something of value.

--Don Ellis

