


Security is a primary factor that holds people back from embracing the cloud; it is a shared responsibility between the vendor and the application owner. This podcast covers a research article from Palo Alto Networks on how an error message acted as a feedback mechanism for trying different account IDs and hacking into the system. The current architecture doesn't cap the number of failed attempts, nor is there a timing window, which completely facilitates the exercise. Further, the insidious attempts are logged in the hacker's own account, completely blindsiding the operations admin.
A similar exercise was successful in the past using a similar concept of IAM role assumption. Though it was quickly fixed by the AWS team, the base concept behind the two exercises remains the same.
For questions, feedback or suggestions, please mail me at [email protected]
#aws #security #cloud
By Shammy