Researchers Steal Cloud Computing Power Via Browsers
Security researchers demonstrate that cloud computing can be taken at no cost, if you know where to find the processing cycles.
7 Cheap Cloud Storage Options
(click image for larger view and for slideshow)
While Amazon and Google compete in a cloud computing price war, neither company can beat the price proposed by academic computer researchers: free.
Computer scientists at North Carolina State University and the University of Oregon have demonstrated that it is possible to conduct large-scale cloud computing tasks anonymously at no cost by abusing cloud-based browsers, such as Amazon Silk, Cloud Browse, Opera Mini and Puffin.
Other security researchers have demonstrated ways in which cloud computing can be used to break weak security. For example, Moxie Marlinspike's CloudCracker service leverages the power of cloud-based servers to crack network passwords. But such number crunching costs money.
What William Enck, an assistant professor of computer science at N.C. State, and his five co-authors describe in their paper is a technique they call a Browser MapReduce (BMR).
With careful coordination, BMR demonstrates "a new way of performing parasitic computing," the paper states. For free storage, the BMR experiments conducted relied on the bit.ly URL shortening service, through which data encoded in URLs could be preserved and accessed via the bit.ly API.
The paper's authors liken cloud browsers to insecure mail servers. "By rendering Web pages in the cloud, the providers of cloud browsers can become open computation centers, much in the same way that poorly configured mail servers become open relays," they say.
BMR outperformed Amazon's Elastic MapReduce and Hadoop running on Amazon EC2 for a distributed grep job. It performed less well when processing word count and distributed sort experiments, but the researchers note that BMR was not designed to outpace MapReduce and that the meager savings in the experiments -- the Amazon jobs cost three or four cents, while BMR cost nothing -- could be much more significant for a large job over a long period of time, like distributed password cracking.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.