November 29, 2017 — AWS S3 ‘Misconfiguration’ Opens Door to MITM Attacks
An Amazon Web Services data storage service has a serious data security flaw, according to new research. AWS S3 ‘Misconfiguration’ Opens Door to MITM Attacks. Citing Skyhigh Networks, NuData Security outlines the issue in a new blog post.
Fortunately, there are safeguards against the potential ‘Ghostwriter’ attacks enabled by the issue. The AWS Trusted Advisor, for example, has an ‘Amazon S3 Bucket Permissions’ security check that can be used to flag buckets that allow API access for both the authenticated AWS users and the open internet. Users can also check the Public bucket count in their AWS S3 consoles to see how many buckets are vulnerable, and NuData’s blog provides an AWS CLI query that can be used for programmers to check which buckets are vulnerable.
For the complete article, go here.