
Bishop Fox Finds Trove of Secrets on Amazon Elastic Block Store
Friday, August 9, 2019

PHOENIX, Aug. 9, 2019 /PRNewswire/ -- Bishop Fox, the largest private professional services firm focused on offensive security testing, has discovered a flaw in Amazon's Elastic Block Store (Amazon EBS) that makes many users' virtual hard disks available to anyone on the internet. Security Associate Ben Morris found that Amazon EBS has a "public" mode, which has exposed the secrets of thousands of people and companies who have misconfigured their EBS accounts. He presented his research, "More Keys Than A Piano: Finding Secrets in Publicly Exposed EBS Volumes," at DEF CON on August 9.

Amazon EBS is a cloud-based block storage system provided by Amazon Web Services (AWS) that is used for storing persistent data. Some of the biggest companies in the world run on top of AWS. As part of his research, Morris found whole virtual hard drives, live sites, and apps available for anyone to read. He uncovered encryption keys, passwords, authentication tokens, PII, and even a set of root credentials. There was so much data that he had to invent a custom system, dubbed "dufflebag," to process it all.

"What's unique about this vulnerability is that the companies being compromised have no way to know they've had their discs cloned or their credentials or source code stolen because the attack is over the AWS platform and is not a direct attack," said Morris. "I cloned discs for many weeks without anyone being aware of my activities. It's not something they can monitor on AWS."

"Fortunately, there is an easy fix. Any organization using Amazon EBS needs to make sure that the box to encrypt their disc is always checked off manually," he added. "It is so simple, yet thousands of people are not doing this and could find their leaked secrets in the wrong hands."

About Bishop Fox

Bishop Fox is the largest private professional services firm focused on offensive security testing. Since 2005, the firm has provided security consulting services to the world's leading organizations -- working with over 25% of the Fortune 100 -- to help secure their products, applications, networks, and cloud resources with penetration testing and security assessments. In February 2019, Bishop Fox closed $25 million in Series A funding from ForgePoint Capital, which will allow the company to continue to grow its research capabilities and develop next-generation offensive security technologies. The company is headquartered in Phoenix, AZ and has offices in Atlanta, GA; San Francisco, CA; New York, NY; and Barcelona, Spain.

Amy Blumenthal

SOURCE Bishop Fox
