Cloud Security IT

One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering

tsamsoniw writes "Using a combination of relatively low-tech techniques and tools, security researchers have discovered that they can access the contents of one in six Amazon Simple Storage Service (S3) buckets whose owners had them set to Public instead of Private. All told, researchers discovered and explored nearly 2,000 public buckets, according to Rapid 7 Senior Security Consultant Will Vandevanter, from which they gathered a list of more than 126 billion files, many of which contained sensitive information such as source code and personal employee information. Researchers noted that S3 URLs are all predictable and public facing, which makes it that much easier to find the buckets in the first place with a scripting tool."
  • This just in... (Score:5, Interesting)

    by girlintraining ( 1395911 ) on Wednesday March 27, 2013 @07:26PM (#43297965)

    People don't bother reading the manual. Then, everything explodes. How is this news? Please, find me a person in this industry who doesn't know what RTFM means. "Idiot who didn't RTFM exposes personal info." Those of us in the industry have a term for when things like this happen: Tuesday.

    What'll be news is when they say "And then the manager and personnel responsible went to jail, because their idiocy cost taxpayers millions in lost productivity spent fixing their credit reports and financial lives."

  • by girlintraining ( 1395911 ) on Wednesday March 27, 2013 @07:46PM (#43298151)

    Amazon's Jeff Bezos must not give much direction to his crew about running things right.

    The default policy is set to private and Amazon provides extensive documentation and support should customers wish to secure things properly. 5 out of 6 did, and think the sixth is a blithering idiot. How is Bezos responsible for the sixth guy shooting himself in the foot as when he was handed the gun it clearly said "Do not pull trigger while pointing at self."?

  • Re:URLs? (Score:3, Interesting)

    by BradleyUffner ( 103496 ) on Wednesday March 27, 2013 @10:10PM (#43299087) Homepage

    So basically they walked down the street checking doors to see which ones were unlocked then looked inside the unlocked houses?

    It would be like walking down a street and peeking into a public restaurant to see what's on the menu.
