This week’s episode explores what happens when security policies for cloud storage, such as S3 buckets, aren’t given the attention they deserve, and how some of our data might not be as private as we’re all led to believe.
We’re huge fans and users of AWS ourselves, but unfortunately the industry finds itself in a situation where some applications and services that use S3 to store assets and backups don’t necessarily secure private or sensitive data quite as well as you’d expect.
Is this a misunderstanding of security policies and practices, or just lazy development? James did some investigating himself to discover just how widespread this problem is. A full article has been published on his blog.
An article published in the New York Post on August 12th reported incidents of indecent imagery being sent to victims via the iPhone’s AirDrop facility – termed “Cyber-Flashing” – and exploiting the vulnerable position users are in if their settings allow for Bluetooth-like file sharing with “everyone”.
Although AirDrop is turned off by default, James gives an example of when he legitimately changed his settings to allow someone to share a video file with him, only to discover months later that it was still switched on.
With this so easily done, it’s become apparent that those creepy members of society who seek out and prey upon victims – women in particular – are using this as an opportunity to take “trenchcoat flashing” into the digital space, something that is increasingly, and worryingly, being reported on the London Underground and New York Metro. Quite understandably, “It never even crossed my mind that someone may use it to send stuff like that,” one victim admitted.