Good news: Unsecured Amazon Web Services S3 bucket discovery just got easier

If you thought the business of discovering unsecured Amazon Web Services S3 buckets was for the pros, think again: like all things, the process can be automated, and the code to automate it posted to GitHub. It's not a new discipline: quickly Googling GitHub for S3 bucket enumeration turns up more than 1,000 results. However, …

  1. Lysenko

    Oh, that's not good news is it?

    Yes, it is. Much like Telnet vs. SSH, creating a sh!tstorm of such biblical proportions that someone screwing up is almost guaranteed to be comprehensively hacked in seconds is clearly the only way to get the message across to the imbeciles responsible for these daily data leaks.

    1. Mark 85

      Re: Oh, that's not good news is it?

      Nah... the company fires the IT guy or whoever set them up, does a quick PR campaign, and bonuses all around for the C-Suite. But when the word gets out about a company's bucket(s) getting hacked, they might lose some customers and that will hurt the bottom line.

  2. txt3rob

    always fun!

    https://xsses.rocks/finding-s3-buckets-by-accident/

    When running Burp you can find them and their permissions.

    Handy for bug bounties or subdomain takeovers.

  3. yoganmahew

    The toughest password imaginable...

    ...means you'll be at risk of losing access to your bucket. Best have a less secure bucket holding a backup somewhere, maybe on prem? Oh... I see...

  4. Anonymous Coward

    Told one of our customers back in August that they had some insecure buckets and that we either needed to lock them down or remove them.

    Half of them are still there because it's taken them this long to make sure that they're not using them any more. Fortunately it's all just things like promo videos for their website rather than anything private, but somehow I doubt they'd be any quicker even if it was.

    1. tfewster
      Joke

      I see the problem...

      ...a bucket is open at one end, so the contents can slop out.

      But seriously, is using a CIS ready-hardened image a simple solution to all cloud-based VM security issues, or is it more complicated than that?

  5. Anonymous Coward

    ferc is a nice one.

    ferc seems to be a nice public bucket, every document ever sent to the Federal Energy Regulatory Commission.

    1. nagyeger
      Mushroom

      Re: ferc is a nice one.

      I sincerely hope that excludes power station designs, floor plans etc.

      Especially anything that might do that if mistreated -->

      1. Sweeping Brush

        Re: ferc is a nice one.

        Not really sure what's in there, but there's a bunch of documents with this in the footer:

        <center>You don't have permission to access this document.<BR>This document (eLibrary accession no.<font color=red> THERE WAS A NUMBER HERE</font>) is Critical Energy Infrastructure Information (CEII). <BR> The public may file a CEII request under 18 C.F.R. 388.113. <!--The public also may file a FOIA request under 18 C.F.R. 388.108--></center>

        <!--<center>You don't have permission to access this document over the Internet. <BR> This document (eLibrary accession no. <font color=red> THERE WAS A NUMBER HERE</font>) is Non-Internet Public (NIP). <BR> Public access to this document is available through the <A href="mailto:public.referenceroom@ferc.gov">public.referenceroom@ferc.gov</A>).</center>-->

  6. Anonymous Coward

    read the slurp repo VERY carefully before you download it :)
