Attacking Cloud Browsers for Distributed Computing
At times I wonder how many people would argue that attacking computer systems is an art, because it certainly requires a level of creative genius. Researchers at North Carolina State University have successfully attacked a cloud-based browser to perform distributed computing. Potentially such an attack could be used to quickly break passwords.
Cloud-based browsers operate by having all of the intense operations performed at a server while the results are transmitted to the terminal, such as a phone. This enables a small device to have access to a great amount of computational power. The researchers took advantage of this though by using the MapReduce technique developed by Google for coordinating parallel operations on multiple machines. To share the information between the different servers behind the cloud browser, the researchers stored the data packets using URL-shortening sites, such as bit.ly. These packets were 1 MB, 10 MB, and 100 MB in size, but the researchers could have pushed to even larger sizes. They decided not to, so as to not overly stress the services they were exploiting.
A troubling fact of this research is that the technique involved could be performed anonymously. Luckily the researchers do have suggestions for securing the vulnerable systems including require user accounts and limiting how those accounts are used.