GNU social JP
GNU social JP is a Japanese GNU social server.
Untitled attachment

Notices where this attachment appears

  1. Ramesh #NotGoingBack (rameshgupta@mastodon.social)'s status on Friday, 19-Jul-2024 07:50:07 JST

    ⬆️ >> #Netanyahu is “buying time”

    “I wish that he would be a statesman and do what is right for Israel. We all love #Israel,” former House Speaker Nancy #Pelosi said recently on CNN. “We need to help them and not have him stand in the way of that for such a long time.”

    Tensions between Netanyahu and #Biden have been seeping into the public.

    As of now, no meeting between the leaders during Netanyahu’s Washington visit has been scheduled.

    https://apnews.com/article/israel-democrats-netanyahu-congress-address-boycott-war-54d4abfb517e399b22324d4c535427aa

    In conversation about 10 months ago from mastodon.social
  2. Victor Grenu (zoph@infosec.exchange)'s status on Tuesday, 03-Jan-2023 17:39:15 JST

    Last week, I discovered a public Amazon S3 bucket belonging to a French bank that contained approximately 16GB of data (122 339 files), including static assets such as CSS, JavaScript, and images, as well as official documents, schema, unverified IBANs and API documentation.

    While the bucket was intentionally left open, the bank's security team promptly responded to my report and corrected the issue.

    However, there are several potential risks associated with leaving an Amazon S3 bucket open to the public.

    By knowing the name of the bucket, I was able to download its entire contents, potentially gain access to sensitive information (naming convention, API endpoints), and even deduce the bank's AWS Account ID (prod?) and AWS Organization ID.

    In today's AWS Security landscape, it is generally considered best practice to use a CloudFront distribution to expose static files rather than leaving S3 buckets open to the public.

    As a fun side note, I discovered that Google was also indexing the bucket's contents.

    Despite the security lapse, the bank was grateful for my report and even rewarded me with a $10 credit as a customer.

    Overall, it was a reminder that security is an ongoing effort, and we should all be vigilant in protecting our assets.

    #AWS #Security

    In conversation Tuesday, 03-Jan-2023 17:39:15 JST from infosec.exchange
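As an added example (not code from the post, the bank, or AWS), a small Python checker that flags the exposure described above, a bucket policy granting anonymous read, and contrasts it with the pattern the post recommends, a private bucket readable only by one CloudFront distribution. The bucket name, account ID and distribution ID are placeholders; the policies are constructed for the example.

```python
import json

# Constructed weak policy: anonymous read of every object, the state the post describes.
PUBLIC_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::example-bank-assets/*"}]
}""")

# Constructed hardened policy: only one CloudFront distribution (placeholder IDs) may
# read objects, i.e. CloudFront in front of a bucket that is otherwise private.
CLOUDFRONT_ONLY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AllowCloudFrontOAC", "Effect": "Allow",
                 "Principal": {"Service": "cloudfront.amazonaws.com"},
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::example-bank-assets/*",
                 "Condition": {"StringEquals": {"AWS:SourceArn":
                   "arn:aws:cloudfront::111111111111:distribution/EXAMPLEID"}}}]
}""")


def is_anonymous_principal(principal):
    """True when a statement's Principal matches anyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_statement_sids(policy):
    """Sids of Allow statements that an unauthenticated caller can use."""
    return [s.get("Sid", "<no Sid>") for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow" and is_anonymous_principal(s.get("Principal"))]


def bucket_is_public(policy, restrict_public_buckets=False):
    """A bucket is reachable anonymously only if its policy grants it AND the
    S3 Public Access Block does not override it: with RestrictPublicBuckets=True
    S3 ignores public grants in the bucket policy."""
    return bool(public_statement_sids(policy)) and not restrict_public_buckets


if __name__ == "__main__":
    for name, pol in [("weak", PUBLIC_POLICY), ("hardened", CLOUDFRONT_ONLY_POLICY)]:
        print(name, "public:", bucket_is_public(pol), public_statement_sids(pol))
```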
GNU social JP is a social network, courtesy of the GNU social JP administrator (GNU social JP管理人). It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.