One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering 79
tsamsoniw writes "Using a combination of relatively low-tech techniques and tools, security researchers have discovered that they can access the contents of one in six Amazon Simple Storage Service (S3) buckets whose owners had them set to Public instead of Private. All told, researchers discovered and explored nearly 2,000 public buckets, according to Rapid 7 Senior Security Consultant Will Vandevanter, from which they gathered a list of more than 126 billion files, many of which contained sensitive information such as source code and personal employee information. Researchers noted that S3 URLs are all predictable and public facing, which make it that much easier to find the buckets in the first place with a scripting tool."
URLs? (Score:4, Insightful)
"Researchers noted that S3 URLs are all predictable and public facing"
I thought that was the whole effing point of URLs/URIs? Whether or not you get authorized to access them should be a completely orthogonal issue...or not?
Will these guys get 41 months in jail too? (Score:4, Insightful)
If the justice department or any company affected by this wants to, they could claim Computer Fraud and Abuse.
Yet somehow I doubt the "researches" will get any jail time.