SoylentNews

FakeBeldin [soylentnews.org] writes:

Bleeping Computer [bleepingcomputer.com] reports that researchers looked into the settings of Amazon S3 servers... and found that the default setting is open (configured to allow public access),

This means that anyone with a link to the S3 server could access, view, or download its content.

Sure, you still need to have the unique link... but there's stuff on Github [github.com] that enables you to to "enumerate Amazon S3 buckets" - i.e., get at the secret links. So yeah....

According to statistics by security firm Skyhigh Networks, 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted, meaning this is an endemic problem of the entire Amazon S3 ecosystem.

oops.

Original Submission