Dual purpose technologies

The interesting thing from a security perspective about new technologies is that they solve as many problems as they create. Cloud computing and virtualization are great examples of that, providing new opportunities to leverage security efforts as well as eliminate some of the security exposures associated with traditional, physical platforms. They also introduce new exposures, some of which can challenge existing assumptions. An example of that is the enhanced, off-the-shelf computer power offered by cloud services. A German security researcher has just demonstrated that, exploiting a new kind of hosted offering on Amazon’s EC2 to decipher password data encrypted using the SHA1 algorithm. Now everyone has access to the brute force power needed to crack encrypted passwords and data.