Summary: At the core of it, it's a simple IT error, but it shows that "the cloud," especially cloud security, is still being figured out.
The vulnerability that led to the Capital One data breach was a result of a misconfigured Capital One system that communicates with Amazon's Web Services (AWS) cloud platform, according to a report in The Wall Street Journal.
The type of vulnerability has been known about by security researchers for years.
Amazon places the responsibility on its clients to properly configure their systems.
The incident underscores what's likely to become a louder debate about security within the nascent cloud industry.
The vulnerability that led to the Capital One hack had been known to security researchers since 2014, according to a report in The Wall Street Journal on Monday.
The Capital One breach was the result of a misconfigured setting on a system that allowed the bank to communicate with Amazon Web Services (AWS), the bank's cloud provider. The misconfiguration led to weak security in one of the bank's networks.
It's unclear if Amazon itself knew if Capital One's systems specifically were misconfigured before the breach. Amazon says that it offers alerts when it detects security incidents, but no alert was sent or received by either Amazon or Capital One.
Still, Amazon places the responsibility on its customers to properly configure their systems, according to security adviser Scott Piper, who advises companies like Capital One on Amazon cloud security and spoke with the WSJ. Even if Amazon had known that a Capital One system was misconfigured, it's unclear if Amazon would have done anything about it.
It's likely that Capital One's security teams knew of the existence of the general type of vulnerability exploited in the breach, but whether they were aware that one of their systems was misconfigured isn't clear, either.
At the core of it, the Capital One breach appears to be an IT error on Capital One's part. Amazon has refused to take any culpability for the Capital One breach, and Capital One doesn't blame Amazon, either.
The debate of whether Amazon or Capital One did enough to prevent the hack underscores the extent to which the nascent cloud computing industry is still grappling with important procedures and expectations. Security in particular is an area that's likely to receive increasing scrutiny.
In February, it was found that other AWS clients have misconfigured systems similar to the one that led to the Capital One breach, according to security researcher Brennan Thomas, who spoke with the WSJ. Thomas also said that the vulnerability isn't specific to AWS but applies to other cloud platforms, too.
Amazon did not immediately reply to a request for comment.