BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Google Compute Engine - Lateral Compromise May 30 2014 05:09PM
Scott T. Cameron (routehero gmail com)
A user who creates a GCE VM with compute-rw privileges, who
subsequently has that single VM compromised, can lead to a global
compromise of all VMs inside of the account.

VMs created in the web UI, by default, come with compute-rw privileges.

Googleâ??s account manager fetches ssh keys from the ...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus