another, far worse wallet attack can also be used if they know the bucket name youre using in S3. they can generate an obscene amount of invalid requests you pay for that quickly ads up, and amazons response is ‘so?’
Totally agree. I have a close friend that works at AWS (although not anywhere close to s3) and this article was making the rounds internally. I know people have been upset about this, but it genuinely just sounds like one of those edge cases they overlooked until it was exposed. It sucks, but any developer has a good story of a time they’ve done it. Hopefully they get a fix out soon.
its worse than this.
another, far worse wallet attack can also be used if they know the bucket name youre using in S3. they can generate an obscene amount of invalid requests you pay for that quickly ads up, and amazons response is ‘so?’
The lead of s3 actually did indicate that they are planning changes in response to that article. Hopefully we see a change there soon.
Edit: found the link
thank pasta. this ‘security through obscurity’ policy is freakin me out
Totally agree. I have a close friend that works at AWS (although not anywhere close to s3) and this article was making the rounds internally. I know people have been upset about this, but it genuinely just sounds like one of those edge cases they overlooked until it was exposed. It sucks, but any developer has a good story of a time they’ve done it. Hopefully they get a fix out soon.