Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
US Census Bureau: Data Exposed in Alteryx Leak Already Public
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/31/2017 | 9:54:51 PM
Re: Incorrectly Configured S3 Bucket
@Ryan: Well, they already have, as we've started to see. Whether it's enough, however, remains to be seen.
Cadopac
50%
50%
Cadopac,
User Rank: Apprentice
12/27/2017 | 7:12:53 AM
Re: Incorrectly Configured S3 Bucket
Agreed !
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/26/2017 | 8:49:36 AM
Re: Incorrectly Configured S3 Bucket
@Dr T. "Secure VPC's"

My assumption is that amazon does this by default and then customers, unfortunately, reduce the security parameters. Based on earlier discussion on brand reputation I would be surprised if Amazon made customers pay more for a secure deployment.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/26/2017 | 8:46:23 AM
Re: Incorrectly Configured S3 Bucket
@Joe. That's a great point. Question is, what is the catalyst to start Amazon on the path of completely locking down their UI/UX from a hardening perspective? Is this exposure enough to facilitate a change?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/25/2017 | 7:15:21 PM
Re: Incorrectly Configured S3 Bucket
Anytime Amazon sees its name in the news articles about data breaches -- even if it's "not their fault" -- it's brand damaging. That is a good point and true. Nobody wants to be in the news because of breaches.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/25/2017 | 7:13:34 PM
Re: Incorrectly Configured S3 Bucket
Ultimately, the fault lies with the users/customers That would be the case, if system is breached because data is not encrypted at rest it, consumers and argue with that.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/25/2017 | 7:11:31 PM
Re: Incorrectly Configured S3 Bucket
Amazon, by default, should be deploying secure VPC's. I think Amazon already provides that, it may cost the consumer tough.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/25/2017 | 7:09:50 PM
Re: Incorrectly Configured S3 Bucket
Can someone elaborate as to if this was a fault of amazon or the company leveraging those services? That is the question in the cloud, it depends on the cloud service provider I guess
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/25/2017 | 7:08:16 PM
Public data
It can be public data but if protected and accessed by hackers that would still constitute a breach and should be avoided
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/23/2017 | 5:39:41 PM
Re: Incorrectly Configured S3 Bucket
@Ryan: Since an outbreak of high-profile breaches due to misconfigured S3 buckets, Amazon has made some efforts to make things easier to configure and more transparent/visible. Ultimately, the fault lies with the users/customers -- but Amazon does bear some responsibility from a UI/UX perspective, no doubt. Anytime Amazon sees its name in the news articles about data breaches -- even if it's "not their fault" -- it's brand damaging.
Page 1 / 2   >   >>


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22166
PUBLISHED: 2021-01-15
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVE-2021-22167
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2021-22168
PUBLISHED: 2021-01-15
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVE-2021-22171
PUBLISHED: 2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2020-26414
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.