* Posts by Talisman1

4 publicly visible posts • joined 21 Mar 2019

Vengeful sacked IT bod destroyed ex-employer's AWS cloud accounts. Now he'll spend rest of 2019 in the clink

Talisman1

Re: Voova should take some heat here...

When you delete S3 buckets on AWS it asks you to confirm by typing the name of the bucket (so you really have to be intentional about it) - though since the company was so lackadaisical in its organization of IAM policies the chances are any admin could have maliciously acted like this. Double fail for not having secured backups in Glacier or another service!

Talisman1

Re: Voova should take some heat here...

Yes Glacier is used for long-term archival purposes, but yes the durability of the data is ranked at 99.999999999% as far as I'm aware (though availability is a different matter). That said, this could have been entirely avoided had the organization set up their IAM policies correctly to begin with, so they only have themselves to blame really. Design for failure!

Talisman1

Re: Voova should take some heat here...

AWS guarantee security of the cloud, not *in* the cloud - that's up to the organization/individual running the show. If you go around giving system admins full access then don't be surprised when fit hits the shan lol

Talisman1

Re: Voova should take some heat here...

Ephemeral storage will lose data upon reboot, but EBS volumes (which most instances run these days) can be stopped and started at will without data loss. As you say though, they should definitely have been making use of IAM policies for groups and placing users in said groups to control access to functionality like this.