Slashdot Mirror
Amazon EC2 Enables Cheap Brute-Force Attacks
snydeq writes "German white-hat hacker Thomas Roth claims he can crack WPA-PSK-protected networks in six minutes using Amazon EC2 compute power — an attack that would cost him $1.68. The key? Amazon's new cluster GPU instances. 'GPUs are (depending on the algorithm and the implementation) some hundred times faster compared to standard quad-core CPUs when it comes to brute forcing SHA-1 and MD,' Roth explained. GPU-assisted servers were previously available only in supercomputers and not to the public at large, according to Roth; that's changed with EC2. Among the questions Roth's research raises is, what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"
"what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"
The same role that Ford Motor Company is responsible to fill in preventing the use of it's vehicles as Getaway cars from scenes of crimes.
There's a spot in User Info for World of Warcraft account names? Really?
Amazon provide infrastructure services. They need not, should not, must not know or seek to know how these services are used.
Oh wait, Wikileaks...
They who would give up an essential liberty for temporary security, deserve neither liberty or security - Ben Franklin
They should not take any steps in this direction. We should have learned that. it. just. don't. work. Brute-forcing a hash is not illegal anyway. If the customer of amazon decides to misuse the result, than this is not the responsibility of Amazon. Many services and tools can be abused for crime.