Researchers demo cloud security issue with Amazon AWS hijacking attack
Researchers from the Horst Goertz Institute (HGI) of the Ruhr-University Bochum (RUB) in Germany have demonstrated an account hijacking attack against Amazon Web Services (AWS) that they believe affects other cloud computing products as well.
The attack uses a technique, known at XML signature wrapping or XML rewriting, that has been known since 2005 and exploits a weakness in the way Web services validate signed requests.