Startup cloud company ProfitBricks has been lashed by a security researcher for some security screw-ups discovered after it revamped its prices to undercut Amazon Web Services. In a telephone call on Friday, ProfitBricks cofounder Andreas Gauger confirmed that the master image of one of his company's Linux images had been built …
seems pretty weak
Installing Linux on an internet-facing computer is obviously not like installing Windows on an internet-facing computer (at least earlier versions of Windows, not sure how the latest versions do - I seem to recall reading/hearing/seeing recent Windows automatically activate its firewall during installation until updates are applied or something).
I really would have no issue doing that myself. I haven't done it (recently), mainly because it takes more work for me to make a computer internet-facing (for inbound traffic anyway) than it does to not make it so.
Cats falling down stairs and other Internet imagery.
White found that the 6.3 CentOS image had apparently been built on a public internet-facing computer.
"The fact that the equivalent of a trusted 'gold master' OS image was originally built on a public-facing box is unfathomable to me," White said via email. "Imagine if you put a naked Windows XP/Win 7 box on the internet and *then* ran Windows update, over the course of two days. Would you trust that build to hold your sensitive data?"
1) "Building" the CentOS image on a public-facing box is a problem? How much public-facing is it?
2) "Building" the CentOS image is the same as leaving a naked, unpatched Windows XP on the Internet?
3) The fact that a "build" was performed lets one conclude anything about the OS on said public-facing box and its security lockdown or lack thereof?
RETARDED. SECURITY "RESEARCHER" FAIL.
after it revamped its prices to undercut Amazon Web Services
This business plan is made of fail and pain
In research sponsored by Amazon...
May as well be, he's done their job for them. FUD, who's going to risk saving a few cents now?