by zenexer
1466 days ago
The metadata service is a big issue. When you pair EC2 with common, off-the-shelf software, you can end up inadvertently allowing requests to EC2's metadata service. That allows an attacker to gain the same privileges as the EC2 instance they're hitting, which often means they can access resources like private S3 buckets. While the metadata service isn't technically a vulnerability, it's poorly designed. Not enough thought went into its security, but too much relies on it for them to disable the current version overnight. Any changes are going to take many years.

This kind of thinking strikes me as exactly how Amazon gets away with this stuff.
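The failure mode the comment describes is off-the-shelf software that fetches user-supplied URLs from inside an EC2 instance and can therefore be pointed at the metadata endpoint. One application-side mitigation is an egress guard that refuses to fetch anything resolving to the instance metadata addresses (169.254.169.254, and its IPv6 counterpart fd00:ec2::254), loopback, or private ranges. The following is an added example written for this page, not code from the comment or from AWS; the `resolver` parameter is an assumption introduced so the check can be exercised offline.

```python
"""Constructed example: an outbound URL-fetch guard that refuses destinations
in the EC2 instance metadata service (IMDS) and other internal ranges.
Not part of the original comment; the resolver hook is an assumption."""
import ipaddress
import socket
from urllib.parse import urlparse

# Networks a user-controlled fetch must never reach from inside an instance.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),    # IPv4 link-local, includes IMDS 169.254.169.254
    ipaddress.ip_network("fd00:ec2::254/128"), # IMDS IPv6 endpoint
    ipaddress.ip_network("127.0.0.0/8"),       # loopback
    ipaddress.ip_network("::1/128"),           # IPv6 loopback
    ipaddress.ip_network("10.0.0.0/8"),        # RFC 1918 private ranges
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_blocked_address(addr: str) -> bool:
    """True if a resolved address falls in any blocked network.
    IPv4-mapped IPv6 forms (::ffff:169.254.169.254) are unwrapped first,
    so they cannot be used to sidestep the IPv4 rules."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def resolve_all(host: str, resolver=None) -> list:
    """Return every address a hostname resolves to. `resolver` (assumed
    hook) lets callers inject a fake lookup for offline testing; by default
    the system resolver is used. All records are checked, not just the first,
    so a name that mixes public and metadata addresses is still rejected."""
    if resolver is not None:
        return list(resolver(host))
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def fetch_target_allowed(url: str, resolver=None) -> tuple:
    """Decide whether an application may fetch `url` on a user's behalf.
    Returns (allowed, reason). Only http/https are permitted, and every
    address the host resolves to must be outside BLOCKED_NETWORKS."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parsed.scheme
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    try:
        # Literal IP (urlparse already strips IPv6 brackets): no DNS needed.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolve_all(host, resolver)
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, "blocked address %s for host %s" % (addr, host)
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the fake resolver stands in for DNS.
    fake_dns = {"app.example": ["93.184.216.34"],
                "rebind.test": ["93.184.216.34", "169.254.169.254"]}
    for u in ("http://169.254.169.254/latest/meta-data/",
              "http://[fd00:ec2::254]/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/",
              "http://app.example/report",
              "http://rebind.test/report",
              "file:///etc/hostname"):
        print(u, "->", fetch_target_allowed(u, resolver=fake_dns.get))
```

This check is complementary to, not a substitute for, enforcing IMDSv2 (session tokens and a hop limit of 1) on the instance itself. Note also that the decision is made on the addresses seen at check time; the HTTP client that performs the fetch should connect to those same pinned addresses rather than resolving the hostname a second time, and it should re-run the check on every redirect.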