nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records

Anonymous Coward

The Cloud...

Other peoples computers you can leave private data on

5
1
Silver badge

Re: The Cloud...

It doesn't really matter whose server it is, if you connect it to the Internet and stick a webserver on the front with no authentication then you've been a bit foolish.

AWS makes that a bit easier - the Internet bit is there by default and the no authentication part is a couple of check boxes away.

AWS could help; the interface to their permissions system involves some really horrible JSON or yaml over a multitude of different web pages, it's hard to test and their documentation recommends bad practice - like this:

"Effect":"Allow",

"Action":"s3:*",

"Resource":"*"

4
0
Anonymous Coward

Re: The Cloud...

Other peoples computers you can leave private data on

Hmm, you'll have that problem with *any* outsourced facility. This has little to do with Amazon, more with the people who stored data there without any protection.

1
0
Silver badge
Trollface

Still got nothing to hide?

A wee bit offtopic, sorry I know, but with news like this I always wonder if people still feel that they "got nothing to hide" when the government tries to get even more access into our personal lives.

Yes, this is a bit of a troll but also meant quite seriously.

5
0
Holmes

It's Chicago - they all voted for Hilllary

Nothing to see here...

2
0
Silver badge
Big Brother

Re: It's Chicago - they all voted for Hilllary

As a native of the Chicago area, I will just say when it comes to politics -

"There are no mistakes."

3
0
Bronze badge

Re: It's Chicago - they all voted for Hilllary

...you forgot to say, they all voted for Hillary "twice".

HA!

4
0
Silver badge

Re: It's Chicago - they all voted for Hilllary

...you forgot to say, they all voted for Hillary "twice".

No, they didn't. What happened is that everyone who has ever resided in Chicago, everyone who has ever been in Cook or DuPage Counties, everyone who has ever thought of perhaps visiting Cook County one day, going back to the 19th century, voted for Hillary. That's the Chicago Way.

Merely voting twice limits the possible number of votes.

2
0

AWS genius

How they managed to convince people to pay per CPU cycle I'll never know

Alot of their marketing guff names are like something out of startrek but in reality they are just granular frontends to a broader set of systems that have been available for decades in OSS

Does anybody know what a AWS™ Elastic™ Beanstalk™ is?

Or what a Amazon™ Lightsale™ is?

Maybe Amazon™ Glacier™?

How about a AWS™ Snowmobile™?

This one sounds really cool, no idea what it does, but MAN, it does sound really cool

Amazon™ Redshift™?

AWS™ Greengrass™?

I reckon if I looked hard enough I would probably find: AWS™ tax™ avoider™

But in a more jazzy marketingyish buzzword

3
2
Bronze badge
Childcatcher

It's Not As Bad As All That

.....in Chicago many of the names on the voter rolls are long dead and the others likely to be criminal aliases.....

6
0
Anonymous Coward

Re: It's Not As Bad As All That

Well, that's the Chicago Way, right? Get in their face. Punch back twice as hard. If they put one of ours in the hospital, you put one of theirs in the morgue... and then make him vote.

2
0
Silver badge
Holmes

I'll just leave this here....

Cloud computing!

1
1
Bronze badge

Inquayling Minds ...

... so, when somebody steals the identity of your dead grandfather, can it still affect your credit rating?

Forget what happens when your identity is stolen, that won't change the result of any election.

0
1
Silver badge

Re: Inquayling Minds ...

Very, very hard to steal my identity. I'm me and nothing short of death is really going to change that.

0
0
Bronze badge

Don't panic - well maybe.

People with better than short memories will recall Trumpton's demand for electoral rolls from various US states. They were told, yes this is technically public information, but we charge to give it to you. In fact, political parties routinely buy this info for their campaigns. Every year we get info sheets from the League of Women Voters telling us where and when we vote (note that in the dynamic individualistic USA, you're supposed to find out for yourself with too much govt. assistance). The LWV gets our names and addresses (and probably ages) just like the parties do, and in fact those same items of info are available for mail spammers etc.

The last 4 digits of the SS number are not supposed to be public, AFAIK. They can be used to gain access to certain websites, mostly as verification for name, address, age etc. OTOH they are routinely printed in mail you get from your bank, mutual fund etc. Thank God they stopped using the whole SS on medical insurance cards. What were they thinking?

1
0
Bronze badge

Yes yes we know...

most of the information is easy enough to get; however, you're missing the point.

Don't believe for a second its only name, address and age. There are other items, such as political party, when you voted, possibly items of interest to you, etc.

Not to mention the fact the work is already done... and possibly with your name on it!!

Then, if you're truly a InfoSec professional and not trying to spin this favorably for the democrat's in Chicago (which is likely the case in many posts)... you'd understand it's another database breach via AWS; once again... there is a failure in information security policy; oh yes... and another failure to protect private information by an organization primarily run and manned by democrats.

Hah... I'm an independent politically so I had to say this last bit.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing