‘Cloud squatters’ find data meant for previous tenants
A team at Penn State University discovered that user information can be leaked during the fairly common process of companies leaving a public cloud service and their old IP address being handed off to the next tenant.
Isn’t the deeper problem that the clients are blindly sending data in the clear instead of first authenticating the server, and then sending encrypted data? It seems like if those basic steps were taken, this wouldn’t be a serious problem.
(sigh) this is especially frustrating because its root cause is not a technical issue, but an operational one. People just need to be aware which IP addresses they put into their DNS zones, and remove or update them whenever necessary.
Unfortunately (and, to some extend, perhaps unsurprisingly), tech giants fail to keep track of this as well:
(But of course, everybody had allowed *.microsoft.com, so these are likely to slip through access restrictions in place…)