
SoylentNews is people

posted by Fnord666 on Tuesday September 26 2017, @06:42PM
from the left-the-door-open dept.

Bleeping Computer reports that researchers looked into the settings of Amazon S3 servers... and found that the default setting is open (configured to allow public access).

This means that anyone with a link to the S3 server could access, view, or download its content.

Sure, you still need to have the unique link... but there's stuff on GitHub that enables you to "enumerate Amazon S3 buckets" - i.e., get at the secret links. So yeah....

According to statistics by security firm Skyhigh Networks, 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted, meaning this is an endemic problem of the entire Amazon S3 ecosystem.

Oops.


  • (Score: 2) by edIII on Tuesday September 26 2017, @08:14PM (1 child)

    There is also a tendency to not encrypt anything. 65% of the buckets were encrypted, which I think is a pretty damn good number. I would think that would've been even lower given the tone of the article. This researcher is way off base saying the problem is endemic of the entire Amazon S3 ecosystem.

    7% isn't all that high, but I do wonder what percentage of that is government-run databases with sensitive information?

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 0) by Anonymous Coward on Wednesday September 27 2017, @02:34AM

    Time to encrypt by default