This is not an idea , this was actually demonstrated in the RSA Conference.
The researchers simply automated the process of signing up for the free IaaS and PaaS services.
Much of the abuse the pair tested was made possible due to poor verification of users during the trial account creation process. Even when some services tried to limit accounts by limiting Internet access to those accounts, the researchers were easily able to break the accounts from those bonds through quick workarounds.
Of the 150 different PaaS and IaaS sites the duo tested, two-thirds of them were not doing any CAPTCHAs, SMS verification or credit card verification beyond simple email account verification.
The link below has more details:
No comments:
Post a Comment