• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Log In
  • Member Registeration
  • Account
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

AWS S3 ‘Misconfiguration’ Opens Door to MITM Attacks

November 29, 2017

“Fortunately, there are safeguards against the potential ‘Ghostwriter’ attacks enabled by the issue.”

An Amazon Web Services data storage service has a serious data security flaw, according to new research.AWS S3 'Misconfiguration' Opens Door to MITM Attacks

Citing Skyhigh Networks, NuData Security outlines the issue in a new blog post. It concerns AWS’s Simple Storage Service, or ‘S3’, which features storage ‘buckets’ that are “misconfigured to allow public write access, enabling a malicious third party to launch man-in-the-middle (MiTM) attacks,” as NuData puts it.

Fortunately, there are safeguards against the potential ‘Ghostwriter’ attacks enabled by the issue. The AWS Trusted Advisor, for example, has an ‘Amazon S3 Bucket Permissions’ security check that can be used to flag buckets that allow API access for both the authenticated AWS users and the open internet. Users can also check the Public bucket count in their AWS S3 consoles to see how many buckets are vulnerable, and NuData’s blog provides an AWS CLI query that can be used for programmers to check which buckets are vulnerable.

While there are solutions available, the fact that such a security vulnerability exists in as high-profile a platform as Amazon Web Services helps to highlight the dangers emerging as more and more data is stored online. And, of course, it also highlights the value of user authentication systems that can run in the background to provide an extra layer of security, such as behavioral biometrics solutions like NuData’s NuDetect.

Source: NuData Security Blog

Primary Sidebar

Identity is Shaping Air Travel – Time to Invest

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

HID logo

HID powers the trusted identities of the world’s people, places and things. Our trusted identity solutions give people convenient and secure access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people use HID products to navigate their everyday lives, and billions of things are connected through HID technology. https://www.hidglobal.com/

Recent Posts

  • Illinois Lawmakers Are Okay With Face-scanning Drones (Sometimes) – Identity News Digest
  • Worldcoin Raises $115M Series C to Fuel Biometric UBI Efforts
  • Worldcoin, Mobile ID, Biometric Privacy, and More – Identity News Digest
  • Learn How Biometrics Are Fighting AI-Enhanced Fraud with Onfido’s Therese Stowell
  • The Seamless Future of Travel Starts with Passwordless Booking

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 FindBiometrics