The Lighter Side Of The Cloud – The Apple Watch
The Lighter Side Of The Cloud – Coffee Break
The Lighter Side Of The Cloud – Whoops!

Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Robin Hood Gone Evil: Loophole Leading To Cloud Pickpocketing Identified

Researchers at North Carolina State university and University of Oregon have proposed a jaw-dropping price tag for performing heavy duty cloud computing task – as low as zero dollars. Experiments reveal that cloud-based web browsers can be exploited to hijack the underlying computational power, and that as well, in total anonymity.

The result could be as unforgivable as cloud computing time theft of mammoth proportions. The pickpocketed resources, once fallen into the wrong hands, can be used for just about anything, including brute force password crack attempts, denial of service attacks and other genres of cycle-hungry attacks.

Contrary to relying upon the end-user’s device to perform the number crunching, cloud-based browsers make the most out of cloud resources to process and deliver web pages. This functionality of cloud-based browsers (likes of Opera Mini, Amazon Silk and Puffin) can be imitated by creating customized variants that have the potential to trick servers into performing word counts, string parsing, text search and other tasks for free. The above is accomplished by a neat hack termed as the browser MapReduce, BMR.

BMR spawns from Google’s MapReduce, an alternative mechanism to manage parallel processing of utterly large datasets. In simple words, Browser MapReduce operates by amassing free JavaScript processing cycles, in unison with a punctilious scheduling plan to effectively work around the processing bounds enforced originally by the cloud-browser providers.

The team has proved their point by saving chunks of data on URL-shortening sites, effectually deceiving them and the cloud browser providers into processing about 100MB of data for free. “What we were able to do was chain together a bunch of requests to make a larger computation“, Enck, the primary research investigator, explained.

Things are not all gloomy though. The team also presented ways to fix the cloud exploitation problem, the most effective requiring a check on the number of requests that can be directed towards the core server cluster originating from a single user. A user-authentication mechanism built into the browser should do the trick pretty well. Enck pointed out that “Instead of allowing anyone on the Internet to make requests of their servers, end users should have accounts.”

Such a methodology would allow for the service providers to notice whenever one account is generating requests that are enormously volumetric for a genuine human user. The team is all set to present their research findings at the Annual Computer Security Alliance summit to be held in the first week of December 2012.

The title of the research work, “Abusing Cloud-Based Browsers for Fun and Profit” almost says it all – cloud security measures associated with mobile devices require further fortification.

Loopholes of such sort continue to assist the bad guys in using cloud computing horsepower for not-so-noble purposes. Its about time that cloud-browser service providers take note of such weak links in the mobile cloud computing chain before the tables are turned on them.

By Humayun Shahid

Humayun

With degrees in Communication Systems Engineering and Signal Processing, Humayun currently works as a lecturer at Pakistan's leading engineering university. The author has an inclination towards incorporating quality user experience design in smartphone and web applications.

Sorry, comments are closed for this post.

Popular Archives

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup Chances are if you’re working for a startup or smaller company, you don’t have a robust IT department. You’d be lucky to even have a couple IT specialists. It’s not that smaller companies are ignoring the value and importance of IT, but with limited resources, they can’t afford…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

The History Of Back-Ups

The History Of Back-Ups

The History of Back-Ups There’s no doubt about it – we are spoilt. With external hard-drives, CDs, USB memory sticks, SD cards, online storage and multiple devices with vast memories we can save, access and back up our data more easily and more efficiently than ever before. (Image Source: Maxim Yurin, SoftLogica)  It’s not always been…

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Cloud Public, Private & Hybrid Differences Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb About…

The Cloud Above Our Home

The Cloud Above Our Home

Our Home – Moving All Things Into The Cloud The promise of a smart home had excited the imagination of the movie makers long ago. If you have seen any TV shows in the nineties or before, the interpretation presented itself to us as a computerized personal assistant or a robot housekeeper. It was smart,…

Recent

Cloud Security Hottest Issue At RSA

Cloud Security Hottest Issue At RSA

Cloud Security Hottest Issue The integral integration of cyber security and cloud technology seemed to be the hottest issue at the busy RSA 2015 Conference in San Francisco. Interested parties packed security and cloud service booths for the duration of the conference. Several prominent publications covered the increased importance of securing their private information that’s…

Imperfect Security: The RSA Conference And The Illusion Of Safety

Imperfect Security: The RSA Conference And The Illusion Of Safety

The RSA Conference And The Illusion Of Safety This year’s 2015 RSA Conference is taking place from April 20th to 24th, in San Francisco, California. Here, security leaders from across the vast expanse of tech, politics, and more will gather to discuss the past, present, and future of security. From application security to technology infrastructure,…

The Lighter Side Of The Cloud – Day 5

The Lighter Side Of The Cloud – Day 5

By David Fletcher Are you looking to supercharge your Newsletter, Powerpoint presentation, Social media campaign or Website? Our universally recognized tech related comics can help you. Contact us for information on our commercial licensing rates. About Latest Posts HumayunWith degrees in Communication Systems Engineering and Signal Processing, Humayun currently works as a lecturer at Pakistan’s…

Contact Us

Sending

Technology Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising