
Lots! Tons and Tons and Tons! S3 is super secure and CAN NOT be hacked when properly configured and used according to our standard!

You got hacked? You must have configured it wrong because we already told you it was unhackable; good luck proving it was our fault not yours.

> Good luck proving it was our fault not yours.

Seems like it would be incredibly easy to prove that an S3 bucket was misconfigured in such a way that the data was publicly accessible. In fact this has been the case in the recent high-profile cases that I can recall.

The S3 bucket was not public.

The hacker got ephemeral keys by remotely exploiting the WAF. The WAF had no reason to have privileges to read from S3, that was a mistake.

I’m unclear if the data in the bucket was encrypted at rest but I guess if you get keys to read it’s a moot point.
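The over-privileged role described in the comment above is something a policy review can catch. The following is an added example, not part of the thread: it lists the S3 read actions each Allow statement of an IAM policy grants. The policy document, its Sids and the idea that it belongs to a WAF role are constructed for illustration.

```python
import fnmatch

# S3 read actions that a front-end component such as a WAF normally has no need for.
S3_READ_ACTIONS = ("s3:GetObject", "s3:GetObjectVersion",
                   "s3:ListBucket", "s3:ListAllMyBuckets")

def _as_list(value):
    """IAM accepts a bare string wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def s3_read_grants(policy):
    """Return {sid: [actions]} for Allow statements that permit S3 reads.

    Per-statement review aid only: Deny statements, conditions and
    resource scoping are not evaluated.
    """
    findings = {}
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed patterns.
            excluded = _as_list(stmt["NotAction"])
            granted = [a for a in S3_READ_ACTIONS
                       if not any(_matches(p, a) for p in excluded)]
        else:
            patterns = _as_list(stmt.get("Action"))
            granted = [a for a in S3_READ_ACTIONS
                       if any(_matches(p, a) for p in patterns)]
        if granted:
            findings[stmt.get("Sid", f"statement[{i}]")] = granted
    return findings

# Constructed sample: policy attached to a hypothetical WAF instance role.
WAF_ROLE_POLICY = {"Statement": [
    {"Sid": "WriteLogs", "Effect": "Allow",
     "Action": "logs:PutLogEvents", "Resource": "*"},
    {"Sid": "Storage", "Effect": "Allow",
     "Action": ["s3:Get*", "S3:listbucket"], "Resource": "*"},
    {"Sid": "NoDelete", "Effect": "Deny",
     "Action": "s3:DeleteObject", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
]}
```

Any statement this reports for a role that has no business reading from S3 is a candidate for removal or tighter scoping.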

Can you actually substantiate an S3 security problem that wasn't user error? Because I've yet to hear of one.

not sure if serious
