Bleeping Computer reports that researchers looked into the settings of Amazon S3 servers... and found that the default setting is open (configured to allow public access),
This means that anyone with a link to the S3 server could access, view, or download its content.
Sure, you still need to have the unique link... but there's stuff on Github that enables you to "enumerate Amazon S3 buckets" - i.e., get at the secret links. So yeah....
According to statistics by security firm Skyhigh Networks, 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted, meaning this is an endemic problem of the entire Amazon S3 ecosystem.
Oops.
(Score: 2) by bob_super on Wednesday September 27 2017, @05:17AM (1 child)
It's not a home, it's a store on a street, and they left the door propped open, even if they didn't put up a sign. Curious people may wander in, uninvited and undesired, but not maliciously or forcibly, as implied by "breach".
Better?
(Score: 2) by edIII on Wednesday September 27 2017, @07:18PM
LOL. Somewhat better. It's really difficult to create laws for this stuff precisely because it so difficult to explain with real world analogies that we can digest.
Technically, lunchtime is at any moment. It's just a wave function.