Episode Show Notes & Transcript
- “Developer Experience is Security”: https://redmonk.com/rstephens/2022/02/17/devex-is-security/
- Cleansing their network of ransomware: https://www.espn.com/nfl/story/_/id/33283115/san-francisco-49ers-network-hit-gang-ransomware-attack-team-notifies-law-enforcement
- “Control access to Amazon Elastic Container Service resources by using ABAC policies”: https://aws.amazon.com/blogs/security/control-access-to-amazon-elastic-container-service-resources-by-using-abac-policies/
- “Introducing s2n-quic—‘sin-i-quick?’ ‘sin-two-quick?’ Yeah—a new open-source QUIC protocol implementation in Rust”: https://aws.amazon.com/blogs/security/introducing-s2n-quic-open-source-protocol-rust/
- “Top 2021 AWS Security service launches security professionals should review–Part 1”: https://aws.amazon.com/blogs/security/top-2021-aws-security-service-launches-part-1/
- Ghostbuster: https://blog.assetnote.io/2022/02/13/dangling-eips/
Corey: Somehow a week without an S3 Bucket Negligence Award to pass out for anyone. I really hope I’m not tempting fate by pointing that out, but good work, everyone.
Also, now that the professional football season is over, the San Francisco 49ers eagerly turn to their off-season task of cleansing their network of ransomware. Ouch. Not generally a great thing when you find that your organization has been compromised and you can’t access any of your data.
Now, AWS had a couple of interesting things out there. “Control access to Amazon Elastic Container Service resources by using ABAC policies”. I was honestly expecting there to be a lot more stories by now of improper tagging being used to gain access via ABAC. The problem here is that for the longest time tagging was at best a billing metadata construct; it made sense to have everything be able to tag itself. Suddenly, with the advent of attribute-based access control, anything that can tag resources now becomes a security challenge.
“Top 2021 AWS Security service launches security professionals should review–Part 1”. Okay, this summary post highlights an issue with how AWS talks about things. Some of these enhancements are helpful, some are not, but every last one of them are features to an existing service. Sometimes those refinements are helpful, other times they simply add unneeded complexity to a given customer’s use case. This feels a lot more like a comprehensive listing than it does a curated selection, but maybe that’s just me.