Amazon's Cloud Is Full of Holes

itwbennett writes "Amazon's Web Services is so easy to use that customers create virtual machines without following Amazon's 'very detailed' security guidelines, says Thomas Schneider, a postdoctoral researcher in the System Security Lab of Technische Universität Darmstadt. Most notably, Schneider and his fellow researchers found that the private keys used to authenticate with services such as the Elastic Compute Cloud (EC2) or the Simple Storage Service (S3) were publicly published in Amazon Machine Images (AMIs), which are pre-configured operating systems and application software used to create virtual machines. '[Customers] just forgot to remove their API keys from machines before publishing,' Schneider said."

Known issue

[Mullen]

This is a known issue and when Amazon.com finds out that certain AMIs have preinstalled root ssh keys, they send you an email letting you know, along with instructions on how to remove the root ssh key. Non-issue.