Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Google Compute Engine - Lateral Compromise
May 30 2014 05:09PM
Scott T. Cameron (routehero gmail com)
A user who creates a GCE VM with compute-rw privileges, who
subsequently has that single VM compromised, can lead to a global
compromise of all VMs inside of the account.
VMs created in the web UI, by default, come with compute-rw privileges.
Googleâ??s account manager fetches ssh keys from the ...
[ more ]
Copyright 2010, SecurityFocus