• originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    7
    ·
    7 months ago

    its worse than this.

    another, far worse wallet attack can also be used if they know the bucket name youre using in S3. they can generate an obscene amount of invalid requests you pay for that quickly ads up, and amazons response is ‘so?’

        • a lil bee 🐝@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          7 months ago

          Totally agree. I have a close friend that works at AWS (although not anywhere close to s3) and this article was making the rounds internally. I know people have been upset about this, but it genuinely just sounds like one of those edge cases they overlooked until it was exposed. It sucks, but any developer has a good story of a time they’ve done it. Hopefully they get a fix out soon.

  • bamboo@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    Would adding Cloudfront in front of the s3 bucket prevent against this type of attack? Does canceling the connection to the cloudfront distribution cause the same behavior with regard to s3 egress?