[AusNOG] Risks to country and business infrastructure
diosbejgli at gmail.com
Wed Sep 11 22:25:49 EST 2019
The person that got access to their system was not an AWS employee when the
breach happened. The person got access via a misconfigured server/system
that wasn't Amazon's fault.
See the original court case for details:
This is the same as saying it's Amazon's fault that people make their S3
buckets public and information gets exposed.
On Wed, Sep 11, 2019 at 12:26 PM Chad Kelly <chad at cpkws.com.au> wrote:
> On 9/11/2019 12:00 PM, ausnog-request at lists.ausnog.net wrote:
> > When someone questions whether this-or-that was predicted, this seems
> > likely to indicate either the plausibility of the threat, or which side
> > a closed door the questioner was on when the discussions were held.
> I'd worry less about people placing explosives in servers and more about
> making sure that proper checks are in place for the people with access
> to information.
> AWS is a good example of this, they really need to lift their game.
> Stuff like the Capital One incident just shouldn't happen and as a
> result of that I am not recommending AWS to any of our customers.
> That isn't the only reason, but the fact Capital One are still with AWS
> after that incident scares me a little, if I was them I would of dumped
> them as a vendor immediately.
> Basically Datacentres and network operators need to force all staff to
> undergo regular checks particularly when dealing with sensitive info.
> I also am aware that the Capital One case isn't Australian, but it is
> still a good example of why providers need to keep an eye on who has
> access to certain info.
> Chad Kelly
> CPK Web Services
> Phone 03 5273 0246
> Web www.cpkws.com.au
> AusNOG mailing list
> AusNOG at lists.ausnog.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AusNOG