Hacker News new | ask | show | jobs
by rbranson 5697 days ago
While this is disconcerting, I wouldn't make any business decisions based on such a claim. The idea that EC2 is "owned" without Amazon knowing about it is closing in on absurdity. I've worked directly with Amazon as an outside vendor and they are very security concious, to the point of near paranoia.
1 comments
joecode 5697 days ago
While I agree it is hard to believe, it would be even more surprising if Amazon did know about it. The fact that they do not use AWS internally suggests that---at least with their level of paranoia---they seem to suspect AWS themselves.
link
benblack 5697 days ago
Both you and your friend are misinformed.
link
rbranson 5697 days ago
^^--- this guy used to be a seriously big deal within Amazon operations. Listen to him.
link
joecode 5697 days ago
I'm not sure how you can say that so matter-of-factly. My security friend was talking about something that Amazon does not (and presumably very few people do) know. Meanwhile my friend at Amazon was just stating the fact that he was not supposed to use AWS, or only with extreme caution. Of course that may differ from department to department, if that's what you mean.
link
benblack 5697 days ago
http://www.linkedin.com/profile/view?id=6320672
link
ceejayoz 5697 days ago
For anyone who doesn't want to log in to LinkedIn, "Sr. Manager, Information Security at Amazon.com"
link
joecode 5697 days ago
Your resume is very impressive, and I see that you obviously know a lot about security at Amazon, yet this by itself does not discount my points. Those are:

1) AWS could be compromised, as my first friend claimed, without Amazon knowing about it.

2) My second friend is not allowed to use AWS for security reasons.

The truth of the first point is indeterminable, I think we may agree. Meanwhile, the second point may indeed be due to my friend being misinformed, if for example, you are aware of a Amazon-wide policy that says engineers can use AWS willy-nilly, so long as they abide by general security regulations that are used elsewhere.

link
joecode 5697 days ago
Interesting... so it seems resume trumps argument at HN?

Well, pile on the down-votes folks, I've got to get back to work.

link