1 comment

[ 1.4 ms ] story [ 13.0 ms ] thread
physical access is root access... I don't think renting virtual servers (what you are doing with ec2, at least) is inherently any less secure than renting a physical server. Either way, if I am the provider, and I am willing to do unethical things to your server, I can.

Virtualization makes this slightly easier, but it's certainly possible on physical servers. If you are co-locating your own hardware, I only need to fake one crash to give myself root. If you are renting a server, well, it's easy enough to trojan the image I give you.

Like most of the 'cloud computing' hype, these problems have been around for a while. 'cloud computing' seems an awful lot like 'what we have been doing all along, only faster and in a standard manner' Not that it's not awesome, but I'm just saying that the problems are not new.

(unless you mean application-level cloud computing like google app engine. that's something different, with different concerns. I was speaking of 'quick provisioning' clouds, or 'utility computing' like amazon ec2)