ionut97 Posted May 1, 2012 Report Share Posted May 1, 2012 Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Spreadsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 !He had accidentally invented a brand new type of internet attack, thanks to an idiosyncrasy in the online spreadsheets Google runs on its Google Docs service, and he had inadvertently trained this attack on himself. He calls it a Denial of Money attack, and he says others could be susceptible too.On his personal blog Ipeirotis explained that it all started when he saw that Amazon Web Services was charging him with ten times the usual amount because of large amounts of outgoing traffic.As part of an experiment in how to use crowdsourcing to generate descriptions of images, he had posted thumbnails of 25,000 pictures into a Google document, and then he invited people to describe the images. The problem was that these thumbnails linked back to original images stored on Amazon’s S3 storage service, and apparently, Google’s servers went slightly bonkers. “Google just very aggressively grabbed the images from Amazon again and again and again,” he says.After analyzing traffic logs he was able to determine that every hour a total of 250 gigabytes of traffic was sent out because of Google’s Feedfetcher, the mechanism that allows the search engine to grab RSS or Atom feeds when users add them to Reader or the main page.After speaking with Google representatives, Ipeirotis believes that the company is trying to balance user privacy with a desire to present fresh content. It seems that Google doesn’t want to store the information on its own servers so it uses Feedfetcher to retrieve it every time, thus generating large amounts of traffic.“Google becomes such a powerful weapon due to a series of perfectly legitimate design decisions,” Ipeirotis wrote in a blog posting on the issue.Sursa:http://thehackernews.com/2012/04/accidentally-invented-dos-attack-using.html Quote Link to comment Share on other sites More sharing options...
