One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering
tsamsoniw writes "Using a combination of relatively low-tech techniques and tools, security researchers have discovered that they can access the contents of one in six Amazon Simple Storage Service (S3) buckets whose owners had them set to Public instead of Private. All told, researchers discovered and explored nearly 2,000 public buckets, according to Rapid7 Senior Security Consultant Will Vandevanter, from which they gathered a list of more than 126 billion files, many of which contained sensitive information such as source code and personal employee information. Researchers noted that S3 URLs are all predictable and public facing, which makes it that much easier to find the buckets in the first place with a scripting tool."
This just in... (Score:5, Interesting)
People don't bother reading the manual. Then, everything explodes. How is this news? Please, find me a person in this industry who doesn't know what RTFM means. "Idiot who didn't RTFM exposes personal info." Those of us in the industry have a term for when things like this happen: Tuesday.
What'll be news is when they say "And then the manager and personnel responsible went to jail, because their idiocy cost taxpayers millions in lost productivity spent fixing their credit reports and financial lives."
Re:Morons Don't Read Slashdot (Score:5, Interesting)
Amazon's Jeff Bezos must not give much direction to his crew about running things right.
The default policy is set to private and Amazon provides extensive documentation and support should customers wish to secure things properly. 5 out of 6 did, and think the sixth is a blithering idiot. How is Bezos responsible for the sixth guy shooting himself in the foot as when he was handed the gun it clearly said "Do not pull trigger while pointing at self."?
Re:URLs? (Score:3, Interesting)
So basically they walked down the street checking doors to see which ones were unlocked then looked inside the unlocked houses?
It would be like walking down a street and peeking into a public restaurant to see what's on the menu.