Data just wants to be free!




Please, keep putting your data up on S3 storage unsecured, people.
The defaults are secure; you are screwing it up....
https://aws.amazon.com/s3/faqs/#security
Q: How secure is my data?

Amazon S3 is secure by default. Only the bucket and object owners originally
have access to Amazon S3 resources they create. Amazon S3 supports user
authentication to control access to data. You can use access control mechanisms
such as bucket policies and Access Control Lists (ACLs) to selectively grant
permissions to users and groups of users. You can securely upload/download
your data to Amazon S3 via SSL endpoints using the HTTPS protocol. If you
need extra security you can use the Server Side Encryption (SSE) option or the
Server Side Encryption with Customer-Provided Keys (SSE-C) option to encrypt data
stored-at-rest. Amazon S3 provides the encryption technology for both SSE and
SSE-C. Alternatively you can use your own encryption libraries to encrypt data
before storing it in Amazon S3.

Looks like you have to go a bit out of your way to leave it open like this:
https://aws.amazon.com/articles/5050/
...
It has come to our attention that some customers have changed default permissions
and granted public access to their buckets. Although you can grant public access
to your bucket using ACLs, you must take the following issues into consideration:
...
Bucket public "READ" access: This is sometimes referred to as "list" access.
It allows anyone to get a complete list of your bucket content.
It does not grant permissions to read content of an object. However,
a list of object names can often provide more information than necessary
to the public.
...

You need to go further than READ and poke even more holes!


