Silk road adviser caught, Kaspersky sues Dutch paper, and Vietnam's tech clampdown

This week included a big Patch Tuesday bundle, a fresh fine for Yahoo!, and yet another Intel bug that potentially exposes sensitive kernel information. Here are a few of the other security stories that broke this week.

Kaspersky hungry for some Dutch crunch

Eugene Kaspersky says he's sick of bad news coverage, and he's …

  1. Kurgan

    Vietnam, uh?

    I'm totally sure that in Vietnam the law stating that data should reside only inside the country is made to restrict citizens' freedom.

    But, I'm also totally sure that the same applies to every other state that has such a law (Europe, I'm talking about YOU!).

    Soon every nation will have its own great firewall, and the free and united internet will cease to exist.

    1. Lars Silver badge
      Facepalm

      Re: Vietnam, uh?

      Any specific country in Europe you are talking to?

      1. Anonymous Coward

        Re: Vietnam, uh?

        Any specific country in Europe you are talking to?

        Germany?

    2. Kevin McMurtrie Silver badge

      Re: Vietnam, uh?

      Vietnam's Internet has been screwed for a long time. When I was there, SSL connection attempts almost always complained about an invalid certificate. If that's fixed I'd be more inclined to think it's because VN, CN, and all the hackers along the way have gotten better at faking them.

  2. Michael Hoffmann Silver badge
    Facepalm

    S3

    Am I missing something about all these S3 fiascos?

    Just how do you DO that? You have to actively make a bucket or object public, S3 will bitch at you "are you certain?" and then it constantly has a reminder/warning "blabla you have public buckets/objects, this is not secure, you may want to reconsider blabla".

    That's in the console obviously, but frankly I have the nagging suspicion that those who commit these blunders would be out of their depth using CLI/SDK anyway.

    So, just how incompetent are your cloud monkeys that this happens all the time? Is that a rhetorical question?

    Yes, your static website has to be public, but does anybody use that for anything but error failover with a few HTML pages?

    Bucket policies, IAM policies... there's bloody wizards that do hand-holding for the CLI/JSON impaired!

    Just don't get it.

    1. Pascal Monett Silver badge

      Re: S3

      I propose this scenario:

      An internal IT jockey has a project and needs to test some functionality. He goes to his boss and gets approval for a bucket. He loads demo data on it, nothing important or critical, no customer data. Security is not important, testing functionality is, so he keeps his life simple and doesn't lock anything down.

      He does his tests, bugs out and leaves the bucket for another round of testing later on.

      Meanwhile, pentesters happen upon the bucket, alert the media, articles screaming bloody murder are written, and the IT guy quietly activates security on the bucket thinking "bloody hell, what a lot of hot air for nothing".

      1. Anonymous Coward

        Re: S3

        Or the IT staff do the right thing, but at some point the project gets taken over and no one bothers to pay attention to their request to make certain to remember to change the test unit over to private before going live?

  3. Robert Helpmann??
    Childcatcher

    Not That Krebs. The Other Krebs.

    I had my hopes up for a moment, but should have known better. Just in case anyone missed the reference:

    https://krebsonsecurity.com/
