Hi What I am saying is that in general you have more chance of humans being 
negligent and messing up security then you have of someone smuggling explosives 
into a Datacentre.
While the AWS security breech wasn’t entirely the companies fault it doesn’t 
make them look good when they have Capital one splashed all over their website 
as a case study of how well they are doing.
AWS really should be recommending their larger customers to go through trained 
Regards Chad.

Chad Kelly
CPK Web Services
Phone 03 52730246
Web https://www.cpkws.com.au

From: Andras Toth <diosbej...@gmail.com>
Sent: Wednesday, September 11, 2019 10:26 PM
To: Chad Kelly <c...@cpkws.com.au>
Cc: ausnog@lists.ausnog.net; ausnog-requ...@lists.ausnog.net
Subject: Re: [AusNOG] Risks to country and business infrastructure

The person that got access to their system was not an AWS employee when the 
breach happened. The person got access via a misconfigured server/system that 
wasn't Amazon's fault.

See the original court case for details: 

This is the same as saying it's Amazon's fault that people make their S3 
buckets public and information gets exposed.


On Wed, Sep 11, 2019 at 12:26 PM Chad Kelly 
<c...@cpkws.com.au<mailto:c...@cpkws.com.au>> wrote:
On 9/11/2019 12:00 PM, 
ausnog-requ...@lists.ausnog.net<mailto:ausnog-requ...@lists.ausnog.net> wrote:

> When someone questions whether this-or-that was predicted, this seems most
> likely to indicate either the plausibility of the threat, or which side of
> a closed door the questioner was on when the discussions were held.

I'd worry less about people placing explosives in servers and more about
making sure that proper checks are in place for the people with access
to information.

AWS is a good example of this, they really need to lift their game.

Stuff like the Capital One incident just shouldn't happen and as a
result of that I am not recommending AWS to any of our customers.

That isn't the only reason, but the fact Capital One are still with AWS
after that incident scares me a little, if I was them I would of dumped
them as a vendor immediately.

Basically Datacentres and network operators need to force all staff to
undergo regular checks particularly when dealing with sensitive info.

I also am aware that the Capital One case isn't Australian, but it is
still a good example of why providers need to keep an eye on who has
access to certain info.

Chad Kelly
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au<http://www.cpkws.com.au>

AusNOG mailing list
AusNOG mailing list

Reply via email to