HackerTrans
TopNewTrendsCommentsPastAskShowJobs

yfiapo

no profile record

comments

yfiapo
·9 miesięcy temu·discuss
Highly likely to be coincidence. Typically an exposed access key. Exposed password for non-MFA protected console access happens but is less common.
yfiapo
·w zeszłym roku·discuss
I agree this was a security concern and it was reported and addressed appropriately. With that said as things go this is pretty minor; perhaps a medium severity issue. Information disclosures like this may be leveraged by attackers with existing access to the lower environment, in conjunction with other issues, to escalate their privileges. By itself, or without the existing access, it is not usable.

More over, the issue wasn’t that AWS recommended or automatically setup the environment insecurely. Their documentation simply left the commonly known best practice of disallowing trusts from lower to prod environments implicit, rather than explicitly recommending users follow that best practice in using the solution.

I don’t think over-hyping smaller issues, handled appropriately, helps anyone.
yfiapo
·w zeszłym roku·discuss
The term was used by OpenBSD starting in 1999 for a group of devs getting together for a few days or a week and hacking on specific projects together in person. Not sure about earlier than that but that’s what I still associate the term back to.

https://www.openbsd.org/hackathons.html