Good grief, how do you explain to engineers that you don't hand S3 bucket deep links out to frontends, without starting from Adam and Eve.

And no, signed retention URLs may help with privacy, but not with security. Especially not with encapsulating technologies behind an API, and especially not with optimizations (batch load) or observability (monitoring, alerting, accounting, auditing...)

#s3bucket #bucketchallenge #aws
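To make the point of the post above concrete, here is an added example (not the poster's code) of what "encapsulating the bucket behind an API" buys you: every object read goes through one code path that authorizes the caller, writes an audit event, updates counters and can serve several objects in one batch call. The in-memory dict stands in for an S3 bucket, and the users, object keys and ownership table are constructed for the example.

```python
"""Serving customer documents through an API layer instead of handing out
storage deep links.  Constructed example: the dict below stands in for an
S3 bucket; the users and ownership data are made up."""
import logging
import time
from dataclasses import dataclass, field

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("docs-api")

# Constructed sample objects, keyed like bucket paths (not real data).
BUCKET = {
    "complaints/1001.pdf": b"%PDF complaint 1001 (customer alice)",
    "complaints/1002.pdf": b"%PDF complaint 1002 (customer bob)",
    "tickets/1001.pdf": b"%PDF flight ticket for alice",
}

# Constructed ownership table: which customer each object belongs to.
OWNER = {
    "complaints/1001.pdf": "alice",
    "complaints/1002.pdf": "bob",
    "tickets/1001.pdf": "alice",
}


@dataclass
class AuditEvent:
    ts: float
    user: str
    key: str
    decision: str  # "allow" or "deny"


@dataclass
class DocumentApi:
    """The only path by which frontends obtain objects: every read is
    authorized, produces an audit event and is counted for monitoring."""
    store: dict
    owner: dict
    audit: list = field(default_factory=list)
    counters: dict = field(default_factory=lambda: {"allow": 0, "deny": 0})

    def _authorize(self, user, key):
        # Missing objects and foreign objects are both "deny", so a caller
        # cannot enumerate which keys exist from the response.
        allowed = key in self.store and self.owner.get(key) == user
        decision = "allow" if allowed else "deny"
        self.audit.append(AuditEvent(time.time(), user, key, decision))
        self.counters[decision] += 1
        log.info("user=%s key=%s decision=%s", user, key, decision)
        return allowed

    def get(self, user, key):
        """Return one object's bytes, or raise PermissionError."""
        if not self._authorize(user, key):
            raise PermissionError(f"access to {key!r} denied")
        return self.store[key]

    def get_batch(self, user, keys):
        """Batch load: one call for several objects, each still authorized
        individually.  Returns (served, denied_keys)."""
        served, denied = {}, []
        for key in keys:
            if self._authorize(user, key):
                served[key] = self.store[key]
            else:
                denied.append(key)
        return served, denied


def new_api():
    """Build an API instance over the constructed sample bucket."""
    return DocumentApi(BUCKET, OWNER)


if __name__ == "__main__":
    api = new_api()
    print(api.get("alice", "complaints/1001.pdf"))
    print(api.get_batch("alice", ["tickets/1001.pdf", "complaints/1002.pdf"]))
    print(api.counters, len(api.audit), "audit events")
```

The frontend only ever learns API routes, never bucket names or object URLs, so the storage backend can be swapped, access can be revoked instantly, and the audit trail and counters exist without any cooperation from the storage layer.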

I just found a #s3 #bucket of a bigger German travel agency. It contains a lot of complaints from the customers, containing names, birthdays, passwords, medical details from guests with complications, flight tickets.
The report to that company was sent just now, the responsible data protection officer in CC. #BucketC #bucketchallenge
Another #s3 #Bucket was just reported to [email protected]. The folder containing IDs of Italian citizens contains approx. 20k files. #BucketB. Besides that there is little to no clue to whom the bucket belongs. #bucketchallenge

Happy to report an error message

In #infosec error messages can be very good news. Until a few days ago, instead of the error message below, you would have had access to 300,000+ patient records from Colombia.

Thanks to the help from @Hyperconectado and @mapisaro plus support from Oscar Javier Asprilla Cruz from the Asesor Grupo de Transformación Digital we managed to get it offline.

Further thanks to everyone else who helped with contacts.

I will continue with my task of getting S3 buckets with critical data offline. If you are interested, I will use the hashtag #bucketchallenge for follow-ups.