
Why are these things called buckets?
A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records. The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA …
. . is that it is time to stop trusting small startups with your private data.
Yeah, I know, that is going to put a crimp on startups that propose money. In the meantime, we need a certification that proves that the startup knows what security is and knows how to manage cloud accounts.
I know, I'm dreaming. Just don't trust financial startups that don't have a banking charter.
It's quite sad, really. When I set up (our) S3 bucket, obscure as some of the optional configurations were, I made it a point to go through them, learn what they did, and set accordingly. As a result my bucket was 'Can be public' from Day 1 of the privacy testing tools rollout, a decent setting.
So some "tech" support, with far more responsibilities and (supposedly) far more training than me, yet far less real-world intelligence, pushes a few buttons and stamps "Done!" to the project. If they are assigning the project to the PFY then they only have themselves to blame for not following up on assurance; if the BOFH is causing these muck-ups then one must, frankly, question their compensation levels.