One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering
tsamsoniw writes "Using a combination of relatively low-tech techniques and tools, security researchers have discovered that they can access the contents of one in six Amazon Simple Storage Service (S3) buckets whose owners had them set to Public instead of Private. All told, researchers discovered and explored nearly 2,000 public buckets, according to Rapid7 Senior Security Consultant Will Vandevanter, from which they gathered a list of more than 126 billion files, many of which contained sensitive information such as source code and personal employee information. Researchers noted that S3 URLs are all predictable and public facing, which makes it that much easier to find the buckets in the first place with a scripting tool."
Re:I think it's booty (Score:5, Informative)
http://yro.slashdot.org/story/13/03/18/1641221/41-months-in-prison-for-man-who-leaked-att-ipad-email-addresses [slashdot.org]
Re:Morons Don't Read Slashdot (Score:4, Informative)
> The default policy is set to private
It is now, but it wasn't in Dec 2006 when I first started using S3. I looked through my buckets, and all of the ones I created that month are public.
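Added example, not part of the original story or comments: a check a bucket owner could run over their own bucket ACLs to find the ones still set to public, including old buckets created under earlier defaults. It assumes each ACL is a dict in the shape returned by `aws s3api get-bucket-acl`; the bucket names and owner ID are constructed sample data.

```python
# Predefined S3 grantee groups (URIs defined by AWS).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"  # not public

# Only these two groups make a grant public.
PUBLIC_GROUPS = {ALL_USERS: "anyone", AUTH_USERS: "any AWS account"}

def public_grants(acl):
    """Return sorted (audience, permission) pairs for grants to public groups."""
    found = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants name one specific account
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if audience:
            found.add((audience, grant.get("Permission", "?")))
    return sorted(found)

def audit(acls_by_bucket):
    """Map bucket name -> public grants, only for buckets that have any."""
    report = {}
    for name, acl in acls_by_bucket.items():
        hits = public_grants(acl)
        if hits:
            report[name] = hits
    return report

# Constructed sample data: bucket names and the owner ID are made up.
OWNER = {"Type": "CanonicalUser", "ID": "constructed-owner-id"}
SAMPLE_ACLS = {
    "example-private": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "example-legacy-2006": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "example-shared": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY}, "Permission": "WRITE"}]},
}

if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE_ACLS).items():
        for audience, perm in hits:
            print(f"{bucket}: {perm} granted to {audience}")
```

A bucket-level `READ` grant to `AllUsers` lets anyone list the bucket's objects. ACLs are only one path to public access, so bucket policies need a separate review.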