lengau@midwest.social to Programming@programming.devEnglish · 7 months agoHow an empty S3 bucket can make your AWS bill explodemedium.comexternal-linkmessage-square22fedilinkarrow-up1191arrow-down12cross-posted to: programming@zerobytes.monstercybersecurity@zerobytes.monsterprogramming@zerobytes.monsternetsec@zerobytes.monsterhackernews@lemmy.smeargle.fans
arrow-up1189arrow-down1external-linkHow an empty S3 bucket can make your AWS bill explodemedium.comlengau@midwest.social to Programming@programming.devEnglish · 7 months agomessage-square22fedilinkcross-posted to: programming@zerobytes.monstercybersecurity@zerobytes.monsterprogramming@zerobytes.monsternetsec@zerobytes.monsterhackernews@lemmy.smeargle.fans
minus-squaredeegeese@sopuli.xyzlinkfedilinkarrow-up116·7 months ago“By design” AWS bills project owners for unauthorized calls to the public S3 API. So what I’m reading from this is you can do a billing attack on anything hosted in AWS so long as you know one of their bucket names.
minus-squarebamboo@lemmy.blahaj.zonelinkfedilinkEnglisharrow-up53·7 months agoSeriously, now that this is more widely known, it’ll for sure be taken advantage of a lot, to the point AWS will begrudgingly protect their customers once the damage is done.
“By design” AWS bills project owners for unauthorized calls to the public S3 API.
So what I’m reading from this is you can do a billing attack on anything hosted in AWS so long as you know one of their bucket names.
Seriously, now that this is more widely known, it’ll for sure be taken advantage of a lot, to the point AWS will begrudgingly protect their customers once the damage is done.