Technology

60450 readers

5230 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

Ransomware crew abuses AWS native encryption (www.theregister.com)

submitted 1 day ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 19 hours ago (1 children)

While this is more an issue with compromise credentials and not a flaw in AWS exactly, I think AWS should just deprecate the use of IAM Access Keys altogether, and have newly issued keys auto expire after 90 days, requiring human intervention to extend the lifetime if absolutely necessary. Had these companies used IAM roles for their services, they would not be in this situation, but that approach requires more effort, so people go with the lazy access key solution.

[–] [email protected] 1 points 28 minutes ago

And just to be clear, using IAM roles doesn't require much effort either, even when you need to sync with an external auth provider such as AD (I know, ewww, but you have to live in the world as it is rather than the one you'd like it to be).