Slashdot Mirror


One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering

tsamsoniw writes "Using a combination of relatively low-tech techniques and tools, security researchers have discovered that they can access the contents of one in six Amazon Simple Storage Service (S3) buckets whose owners had them set to Public instead of Private. All told, researchers discovered and explored nearly 2,000 public buckets, according to Rapid7 Senior Security Consultant Will Vandevanter, from which they gathered a list of more than 126 billion files, many of which contained sensitive information such as source code and personal employee information. Researchers noted that S3 URLs are all predictable and public facing, which makes it that much easier to find the buckets in the first place with a scripting tool."

2 of 79 comments

  1. Attention mods, impersonation warning... apk by Anonymous Coward · Score: -1, Troll

    Nearly 150++ times that I know of @ this point for all of March 2013 so far, & others here have told you to stop - take the hint, lunatic (leave slashdot)...

    Sorry folks - but whoever the nutjob is that's attempting to impersonate me, & upset the rest of you as well, has SERIOUS mental issues, no questions asked! I must've gotten the better of him + seriously "gotten his goat" in doing so in a technical debate & his "geek angst" @ losing to me has him doing the:

    ---

    A.) $10,000 challenges, ala (where the imposter actually TRACKED + LISTED the # of times he's done this no less, & where I get the 150 or so times I noted above) -> http://it.slashdot.org/comments.pl?sid=3585795&cid=43285307

    &/or

    B.) Reposting OLD + possibly altered models - (this I haven't checked on as to altering the veracity of the info. being changed) of posts of mine from the past here

    ---

    (Albeit massively repeatedly thru all threads on /. this March 2013 nearly in its entirety thus far).

    * Personally, I'm surprised the moderation staff here hasn't just "blocked out" his network range yet honestly!

    (They know it's NOT the same as my own as well, especially after THIS post of mine, which they CAN see the IP range I am coming out of to compare with the ac spamming troll doing the above...).

    APK

    P.S.=> Again/Stressing it: NO guys - it is NOT me doing it, as I wouldn't waste that much time on such trivial b.s. like a kid might...

    Plus, I only post where hosts file usage is on topic or appropriate for a solution & certainly NOT IN EVERY POST ON SLASHDOT (like the nutcase trying to "impersonate me" is doing for nearly all of March now, & 140++ times that I know of @ least)... apk

  2. Morons Don't Read Slashdot by BoRegardless · Score: 0, Troll

    Amazon's Jeff Bezos must not give much direction to his crew about running things right.