by withinboredom 1800 days ago
This seems silly to me. I (personally) think it is much more likely for your computer to be stolen/hacked/ransomed than a single account credential to be leaked. If so, "the blast radius" will be whatever you're logged into ... and if you're logged into everything, what's the point?
2 comments

For AWS, blast radius includes things like “developer fucked up on using SSM and exceeded the rate limit for the entire account”. Or “developer failed to set API Gateway rate limit on their trivial app and brought down everything else in the account”.
Because you should have 2FA set up and your access to AWS accounts should expire after 1 hour. Also, you likely have full disk encryption enabled, and the person stealing your laptop is unlikely to know who you work for and is more interested in selling it.

If someone acquires credentials, they are usually multi-use and long-term. And it can go unnoticed if an EC2 instance is spun up running crypto mining on your dime, only for you to notice at the end of the day that your estimated bill has shot through the roof.
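As an added illustration of the "multi-use and long-term credentials" point above (example code written for this page, not from anyone in the thread): a check over an IAM credential report that flags users without MFA and active access keys older than a rotation threshold. The report text is constructed with only a subset of the real report's columns, the 90-day threshold and the fixed "now" are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the shape of an IAM credential report (subset of the
# real report's columns). Not real account data.
SAMPLE_REPORT = """user,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,true,false,N/A,false,N/A
alice,true,true,2024-01-10T00:00:00+00:00,false,N/A
bob,false,true,2022-03-01T00:00:00+00:00,false,N/A
ci-deploy,false,true,2023-11-20T00:00:00+00:00,true,2021-06-05T00:00:00+00:00
"""

# Fixed "now" (assumed) so the run is reproducible offline.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def key_age_days(last_rotated, now):
    """Age of an access key in days; None when the report has no timestamp."""
    if last_rotated in ("N/A", "not_supported", ""):
        return None
    return (now - datetime.fromisoformat(last_rotated)).days


def audit_report(report_csv, now=NOW, max_key_age_days=90):
    """Return (user, finding) tuples for users without MFA and for active
    access keys that have gone longer than max_key_age_days without rotation."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["mfa_active"] != "true":
            findings.append((user, "no MFA"))
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent key: nothing to rotate
            age = key_age_days(row[f"access_key_{slot}_last_rotated"], now)
            if age is not None and age > max_key_age_days:
                findings.append((user, f"access_key_{slot} active for {age} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Short-lived credentials from an identity provider show up in this report as no access keys at all, which is the state the reply above is arguing for.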