Open AWS S3 bucket leaked hotel booking credit card authorizations

Silver badge

I don't have confidence in MacKeeper here. Their "story" can't decide if it wants to be a news item or a vulnerability report. You don't say "Online Service Offering Group Hotel Bookings Allegedly Exposed Sensitive..." if it's you yourself making the allegations.

Either you have confidence in what you're saying or you don't. If you have confidence, publish your findings. If you don't have confidence, shut up until you do. Don't hide behind "allegedly".

1
0

This post has been deleted by its author

Bronze badge

Sounds like fun for someone, however whilst the host was AWS they're not in any way to blame are they? I work with equipment that can make a business fail their PCI-DSS compliance tests with one incorrectly set password (as I'm sure do many of us). Not the equipment's fault though..

1
0
Silver badge

@Wyatt

AWS has a lot of security going for it.

However unless you turn it on... it's useless.

Clearly this is the guy who put the data up there's fault.

The issue is that many don't view the cloud as a separate entity where you need to lock things down, but an extension of their own data center(s) where you're behind a firewall.

This is a good example of why the cloud is less secure than your very own data center.

1
0
Bronze badge

Re: @Wyatt

I do see your point, I suppose it's going to take a while for (some) admins to get their game up to speed in using off site providers.

0
0
Silver badge

Bah!

Oh dear, someone persisted ccv codes despite being told by Visa et al not to?

Well, I see no alternative. Canings all round, followed by a week wearing the conical hat of extreme stupid.

6
0
Bronze badge

Re: Bah!

What, and have to look up the CCV code EVERY TIME I reserve a hotel room? Why don't I just pay with sea-shells and colorful beads? Jeese!

2
0
Silver badge

Anything about RDS?

It is not so much the buckets that fill me with dread ... it's the bloody developers who think that it is a good idea to deploy public-facing Aurora databases with complex passwords like 'root', or 'password'. I recently disabled one db like this and sent the developer an email about password security. I notice from LastPass that the database password had been updated to "F11ck0ffC*nt" .. changed since the client also has access to the db.

4
0
Silver badge

Re: Anything about RDS?

Wow, that's seriously unprofessional. Does his manager know?

3
0
Silver badge

Re: Anything about RDS?

Indeed, the new password is likely to be very early on in a dictionary attack.

Oh, you mean the poor coding and attitude to constructive comment. That's just depressingly familiar.

1
0
