
Misconfigured FTP, SMB, Rsync, and S3 Buckets Exposing 1.5B Files - techjumbo
https://gbhackers.com/1-5-billion-sensitive-files/
======
realusername
I would also point out here that not everything which is publicly available is
sensitive data. I've tried one of the tools posted on HN a while back to find
read-access to random S3 buckets, and I only found HTML files used for static
websites. You can just get these files with curl on the website as well.

~~~
diggan
I was thinking this as well, but then I continued to read the blog post and
found the following:

> Publicly exposed data contains a large amount of employee data, such as
> payroll files (707,960) and tax return files (64,048). More than 2 million
> files that contain personal health information, like MRIs based in Italy,
> were exposed.

> The exposed data includes source code and patient lists, accounting for
> about 95,434 and 4,548 respectively. Exposed data is a goldmine for
> attackers; they can use the publicly available data to launch cyber attacks.
> The exposed information cuts off their reconnaissance.

> Shockingly, some highly sensitive information, such as security audit
> reports, network infrastructure details and penetration testing reports, is
> stored online publicly.

But it's not really clear what percentage of the 1.5B files was actually
sensitive.

------
raesene9
This doesn't really surprise me; it's a natural consequence of the cloud era.

Mis-configured access control on file storage and sharing services has always
been quite prevalent. From a user's perspective, a lax ACL just means
everything works :)

In "the olden days" of corporates behind firewalls, the issues were still
there, but they were hidden from casual view by NAT and perimeter firewalls.

Now that people operate directly on cloud services, their mistakes are easy to
find.

Whilst perimeter firewalls were never the security panacea that some thought
they were, they did have some use in hiding all the other security issues from
casual discovery :)

~~~
BjoernKW
> This doesn't really surprise me, it's a natural consequence of the cloud
> era.

Not necessarily. As you mentioned yourself the cloud era just exposed existing
bad practices. Perhaps over time that's even a net positive because people
might start to take security more seriously.

~~~
raesene9
Sure, people _might_ take security more seriously; however, personal
experience (18 years and counting in security) suggests that's not likely :)

------
Nux
I see a large slice of that is rsync; I can't help but think they may have hit
a few public mirrors. Same for FTP. :-)

~~~
stevekemp
I scanned the internet for open rsync shares four years ago. There were some
scary, scary open shares with passport scans, CVs, family images and more.

[https://blog.steve.fi/secure_your_rsync_shares__please_.html](https://blog.steve.fi/secure_your_rsync_shares__please_.html)

Discussed here at the time:

[https://news.ycombinator.com/item?id=7232300](https://news.ycombinator.com/item?id=7232300)
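The lax-ACL point raesene9 makes above and the open rsync shares stevekemp describes both come down to modules in rsyncd.conf that were never restricted. The following is an added example, not code from the thread or from the linked blog post: a small audit script that parses an rsyncd.conf and flags modules exposed without `auth users`, without `hosts allow`, or writable over the wire. The sample config embedded in it is constructed for illustration, with one lax module beside one hardened module; the default values it assumes (`read only = yes`, `list = yes`) are rsyncd's documented defaults.

```python
"""Audit an rsyncd.conf for modules exposed without access control.

Added example, not from the HN thread or the linked post. The config text
below is constructed for illustration only.
"""

import re

# Constructed sample rsyncd.conf: [backups] is the lax module (no auth, no
# host restriction, writable); [mirror] is the hardened one.
SAMPLE_RSYNCD_CONF = """
# global section: values here act as defaults for every module
uid = nobody
gid = nogroup
use chroot = yes

[backups]
    path = /srv/backups
    comment = Nightly backups
    read only = no
    list = yes

[mirror]
    path = /srv/mirror
    comment = Public distro mirror
    read only = yes
    list = yes
    hosts allow = 192.0.2.0/24
    auth users = mirrorsync
    secrets file = /etc/rsyncd.secrets
"""


def parse_rsyncd_conf(text):
    """Return (globals, modules); modules maps module name -> {key: value}.

    Keys are lowercased and whitespace-normalised, since rsyncd.conf keys
    are case-insensitive. Lines starting with '#' or ';' are comments.
    """
    globals_ = {}
    modules = {}
    current = globals_
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = modules.setdefault(m.group(1).strip(), {})
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            current[" ".join(key.lower().split())] = value.strip()
    return globals_, modules


def _truthy(value, default):
    """Interpret an rsyncd boolean, falling back to the documented default."""
    if value is None:
        return default
    return value.strip().lower() in ("yes", "true", "1")


def audit_module(name, mod, globals_):
    """Return a list of human-readable findings for one module."""

    def get(key, default=None):
        # module setting wins; otherwise inherit the global-section value
        return mod.get(key, globals_.get(key, default))

    findings = []
    if get("auth users") is None:
        findings.append(f"[{name}] no 'auth users': anyone who can reach the "
                        "port can use this module")
    if get("hosts allow") is None:
        findings.append(f"[{name}] no 'hosts allow': no network restriction")
    if not _truthy(get("read only"), True):  # rsyncd default: read only = yes
        findings.append(f"[{name}] 'read only = no': remote clients can write "
                        "or delete files")
    if _truthy(get("list"), True) and get("auth users") is None:  # default: list = yes
        findings.append(f"[{name}] advertised in the module listing without "
                        "authentication")
    return findings


def audit(text):
    """Audit every module in an rsyncd.conf; returns {module: [findings]}."""
    globals_, modules = parse_rsyncd_conf(text)
    return {name: audit_module(name, mod, globals_)
            for name, mod in modules.items()}


if __name__ == "__main__":
    for module, findings in audit(SAMPLE_RSYNCD_CONF).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{module}: {status}")
        for f in findings:
            print("  " + f)
```

The script reads the config rather than probing a daemon, so it is safe to run as a pre-deploy check or in CI; a module that inherits `hosts allow` or `auth users` from the global section is treated as restricted, which matches how rsyncd applies global defaults.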

~~~
crtasm
Your blog is blocking Tor users with a 403 Forbidden response; letting you
know in case it's not intentional.

~~~
stevekemp
My server blocks all users who access /wp-admin.php or make other automated
exploit attempts, for 8-48 hours.

The fact that a high number of such attempts come over Tor is disappointing,
but should surprise nobody.

I've no desire to blacklist Tor exit nodes as such, but I'm going to go out of
my way to whitelist them when they are a source of malicious traffic.

~~~
crtasm
My viewpoint is that, other than making logfiles less chatty, that doesn't
really achieve anything (provided I've configured/hardened my server well, of
course). Tor exit nodes are also a source of lots of non-malicious traffic. I
understand your position though.

------
hestefisk
I think this article is so poorly written that I have a hard time making sense
of it.

------
campuscodi
Nice spam campaign you got there on your profile page, techjumbo

[https://news.ycombinator.com/submitted?id=techjumbo](https://news.ycombinator.com/submitted?id=techjumbo)

~~~
dx034
Is submitting posts from your own site spam as long as people find it useful?
As long as they don't use ring-voting to get them on the front page it should
be fine imo.

~~~
detaro
It is spam if your post is just reporting what a report on a different site
says. The HN guidelines have explicit rules against that.

