ㅤ
SHARE KOLEKSI WALLPAPER PART 2
••• A THREAD •••
ㅤ
More from Software
As the year wrap's up, let's run through some of the worst public security mistakes and delays in fixes by AWS in 2020. A thread.
First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to
Fresh data breach news-
— Chris Vickery (@VickerySec) January 23, 2020
Amazon AWS engineer exposes work-related keys, passwords, and documents marked "Amazon Confidential" via public Github repository: https://t.co/7gkIegnslx
Discovered within 30 minutes of exposure by my team at @UpGuard.
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
"Disable" most #AWS #CloudTrail logging without triggering #GuardDuty:https://t.co/zVe4uSHog9
— Rhino Security Labs (@RhinoSecurity) April 23, 2020
Reported to AWS Security and it is not a bug.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Amazon Vulnerability Research Program - Doesn't include AWS D:https://t.co/stJHDG68pj#BugBounty #AWS
— Spencer Gietzen (@SpenGietz) April 22, 2020
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
Software architecture is in crisis, and the way to fix it is a hefty dose of anarchy.
Some lay the blame for this on @boicy with the whole microservices thing.
(Admittedly, @nicolefv, @jezhumble and @realgenekim didn’t help when they statistically proved that he might have been onto something with all that de-coupling and team-alignment…)
However I don’t blame him at all.
I think he saved us; bringing us back to the path of value-delivery and independent services, but now with added independent teams.
But one thing is clear. Microservices need more architecture, not less (as do other forms of #Accelerate-style software organisation).
(See https://t.co/B2hWmXhIqe if you need convincing)
I mean, all those pesky slices we need to carve up our monoliths (or were they big balls of mud?) That’s a significant amount of work right there…
Some lay the blame for this on @boicy with the whole microservices thing.
(Admittedly, @nicolefv, @jezhumble and @realgenekim didn’t help when they statistically proved that he might have been onto something with all that de-coupling and team-alignment…)
However I don’t blame him at all.
I think he saved us; bringing us back to the path of value-delivery and independent services, but now with added independent teams.
But one thing is clear. Microservices need more architecture, not less (as do other forms of #Accelerate-style software organisation).
(See https://t.co/B2hWmXhIqe if you need convincing)
I mean, all those pesky slices we need to carve up our monoliths (or were they big balls of mud?) That’s a significant amount of work right there…
