Wow, good burn, @Quinnypig
You can sign up for Corey Quinn's "Last Week in AWS Security" newsletter here — but the archives for the newsletter don't appear to be available to link you to the current newsletter
https://www.lastweekinaws.com/newsletter/
@saraislet @Quinnypig wow it’s like someone is spying on my week!
@bea "this is not a place of honor"
@saraislet no, far worse, it's a place of compliance auditing.
@Quinnypig @saraislet it’s a fantastic callout of the misaligned incentives in motion within infosec 🤩

@saraislet @Quinnypig that’s a great point. A great AWS feature might be some sort of simulator that says something like

- here’s each login
- here’s what each actually needs, based on what they do
- here’s all similar logins, grouped by what they do
- here’s a few scenarios of finely scoped permissions that balance number of policies with fine-tuned permissions in different ways
- hit apply

@saraislet vendors of public IP scanning services hammer you on easily-discovered things like cipher suites because they can’t see your overpermissioned underscoped resources