Cloud Computing: More Java holes found in Google App Engine

Grazed from ITNews. Author: Juha Saarinen.

A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google's App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines. The Security Explorations team, which has made a name for itself by unearthing large numbers of security holes in Oracle's Java framework over the past few years, said it had reported seven vulnerabilities to Google, along with proof of concept code.

Three of the flaws allow complete bypass of the GAE Java security sandbox. Such a bypass could be used by attackers to glean information about the Java Runtime Environment as well as Google's internal services and protocols to spawn further attacks on the GAE platform itself...

Head of Security Explorations Adam Gowdiak said his company had not heard from Google three weeks after reporting the vulnerabilites. He criticised the technology giant for taking more than one to two business days to run the proof of concept code provided by Security Explorations and read its report...

Read more from the source @ http://www.itnews.com.au/News/404095,more-java-holes-found-in-google-app-engine.aspx#ixzz3aV0JujTG