Well, so GCP is pretty big on serverless architecture. It is completely possible that there is no GCE instance at all which has Cloud API access to a particular service.
A company might be making heavy use of BigQuery in their project, but have a data processing pipeline that uses tools like Cloud Functions, Scheduled Queries, and BQ Transfer Service to push sanitized data into a Cloud SQL instance for the front end to use.
So no GCE instance will need Cloud API access to BigQuery, so no matter what level of access is obtained by an intruder on any VM, they will never be able to access BigQuery.
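One way to check the claim above for a given project, as an added example that is not part of the original post: it scans instance metadata for service-account access scopes that reach the BigQuery API. The sample data, instance names and service-account emails are constructed; the JSON shape is assumed to match `gcloud compute instances list --format=json`.

```python
import json

# Scope prefixes that let a token from the VM's metadata server call BigQuery.
# cloud-platform is flagged too (conservatively) because it spans all Cloud APIs.
BQ_SCOPE_PREFIXES = (
    "https://www.googleapis.com/auth/bigquery",
    "https://www.googleapis.com/auth/cloud-platform",
)

def instances_with_bigquery_scope(instances):
    """Return (instance, service account, scope) for every scope reaching BigQuery."""
    findings = []
    for inst in instances:
        # An instance with no attached service account has no "serviceAccounts" key.
        for sa in inst.get("serviceAccounts", []):
            for scope in sa.get("scopes", []):
                if scope.startswith(BQ_SCOPE_PREFIXES):
                    findings.append((inst["name"], sa["email"], scope))
    return findings

# Constructed sample, shaped like `gcloud compute instances list --format=json`.
SAMPLE = json.loads("""
[
  {"name": "web-frontend",
   "serviceAccounts": [{"email": "web@example-project.iam.gserviceaccount.com",
     "scopes": ["https://www.googleapis.com/auth/sqlservice.admin",
                "https://www.googleapis.com/auth/logging.write"]}]},
  {"name": "legacy-etl",
   "serviceAccounts": [{"email": "etl@example-project.iam.gserviceaccount.com",
     "scopes": ["https://www.googleapis.com/auth/bigquery",
                "https://www.googleapis.com/auth/devstorage.read_only"]}]},
  {"name": "batch-worker",
   "serviceAccounts": [{"email": "batch@example-project.iam.gserviceaccount.com",
     "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]},
  {"name": "bastion"}
]
""")

if __name__ == "__main__":
    hits = instances_with_bigquery_scope(SAMPLE)
    for name, email, scope in hits:
        print(f"{name}: {email} holds {scope}")
    if not hits:
        print("No instance has Cloud API access to BigQuery")
```

An empty result is the state the post describes. Access scopes are only one layer: what a flagged instance can actually do is also limited by the IAM roles granted to its service account.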