Hacker News new | ask | show | jobs
by banana_giraffe 2012 days ago
I'm aware of several leaks that were basically "account holder left bucket wide open"

Some of that is on AWS for initially making the defaults too open, but at the end of the day, S3 was doing what it was told.

Is there some case where S3 was locked down, and the data still leaked?
1 comments
tmotwu 2012 days ago
Yes, that is what leakage is. Even the SolarWinds breach was likely made possible due to a cloud leak. Not a strong argument for cloud setups.
link
unclekev 2012 days ago
> Even the SolarWinds breach was likely made possible due to a cloud leak

What? Their internal build system was comprised and the password for the FTP that hosted their software updates was "solarwinds123"

This had nothing to do with the cloud/a issue with a cloud provider.

link
tmotwu 2012 days ago
> password for the FTP that hosted their software updates was "solarwinds123"

Secrets in a public github repository is a leak, in the cloud.

link
unclekev 2012 days ago
> Secrets in a public github repository is a leak, in the cloud.

Someone uploading their secrets to GitHub has nothing to do with the cloud and everything to do with the incompetence of the people using it.

"This is the clouds fault because one of our engineers made a mistake and 'the cloud' didn't stop them!" does not really hold up.

link