AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3 access protection mechanisms Amazon S3 provides several mechanisms for granting access to storage buckets: IAM users, roles, and policies: Users define who can access their S3 resources using fine-grained permissions Bucket policies: Users define who can access … More
The post AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged appeared first on Help Net Security.
