I won't link it here, but here's a screenshot of a snippet: https://i.imgur.com/NezWVKw.png
"Thompson was previously an Amazon Web Services employee. She last worked at Amazon in 2016, spokesman Grant Milne said. The breach described by Capital One didn’t require insider knowledge, he said."
(If I could query all AWS permissions for publicly exploitable permissions, that would comply, for example.)
Point stands; they’re being very careful to say that there aren’t any CVEs, but they are also very carefully not saying whether she abused the privileges of her role to identify misconfigurations more rapidly than she could have otherwise.
Special access can make the difference between "locating X% of misconfigured users in a single admin panel query" and "locating X% of misconfigured users by scanning every S3 bucket in existence without being caught".
Or to draw a weak analogy, knowing that a closed-source PRNG algorithm is defective does not necessarily help locate all keys generated by it, but having access to force it to generate numbers for you (or to study its source code) absolutely does help.
assume it is no longer private.
Not much really there to learn
Violation of copyright would appear to be a significantly worse offense according to present US law.
In point of fact, the prosecutor on the Swartz case (Stephen Heymann) had previously authored an article describing how the Internet age allowed crime to scale, enabling hackers to commit thousands of criminal acts per second. It's my personal belief that Heymann wanted to use Swartz' case as a validation of this belief.
(Source: The Idealist: Aaron Swartz and the Rise of Free Culture on the Internet, ISBN 978-1476767727)
I think the minimum to be considered an IDE is that you need to be able to edit, possibly compile depending on the language, and run/debug from within the same tool. By that last loose definition, I've joked my most used "IDE" would be bash. I can edit with vim, compile/link with make/gcc/ld, and debug using gdb or run my bins directly.
I mean it's an integrated development environment in that I can access all of my tools from one centralized location, the bash shell, but certainly not integrated in the sense that I have a GUI that hides the nuances of commands of various tools behind menus and friendlier non-command-line names and making it appear that the half dozen or so tools are a single entity.
I also use Visual Studio for Windows development and I've been switching between VS Code and PyCharm for Python development.
But are git and svn an IDE? No. They are both merely source control management systems.
But then I read your comment and realised in *nix the program is actually called "git". So I concede :-)
The last commit in the Git repository where her resume is located shows this:
(HEAD -> master, origin/master, origin/HEAD)
Author: Paige Thompson <firstname.lastname@example.org>
Date: Thu Jan 10 14:38:02 2019 -0800
update linkedin address
diff --git a/cv.pdf b/cv.pdf
index bf26140..add1ea9 100644
Binary files a/cv.pdf and b/cv.pdf differ
While attempting to recover, the s3 team discovered and/or decided the nameserver needed a full restart. That's when they discovered the info in the nameserver had grown so large since the last full restart years previous that it took far longer than expected to restart the nameserver. Right around that point in time my guess is they realized just how shit their morning was going to be. And their afternoon.
Somewhere in there, they realized that their health dashboard depended on s3 working.
Though to be fair, as an aws customer, we -- along with the rest of internet -- were well aware that stuff was badly broken.
I feel terribly for whoever did this, because IIRC, he or she just fat fingered part of a command in a standard playbook, and the config script had no safeguards. I personally took down a company you've heard of in the exact same way; I knocked all pops off the internet because the config script had a hard requirement around certain values that was neither communicated to me nor checked. And I was trying to figure out wtf I did to a system that I was not particularly familiar with while receiving forwarded texts from the CEO about cascading datacenter down alerts.