Lifting the Fog presented at BlackHatAbuDhabi 2010

by Dominic White,


Summary : Cloud services continue to proliferate and new users continue to flock, in a clear demonstration that cloud computing is more than simply a flash-in-the-pan. Coupled with this rapid evolution of services are protection mechanisms for the services, which often lag. Last year we highlighted weaknesses in the cloud model and demonstrated a number of vulnerabilities in large cloud providers. In this talk, we examine a particular technology underlying the scalability of many cloud applications, namely memcached. We discuss the possibility of memcached mining which would be a natural exploitation path once a vulnerability inside a cloud application is discovered and will demonstrate this with a new tool aimed at discovering and mining memcached servers.