WELCOME

The S3 bucket was also accessible over the Internet through

March 1, 2017 by Kimberly Parks

The S3 bucket was also accessible over the Internet through the AWS S2 bucket. The data that Jack'd uses to access his S3 images is used by the application to send and receive web requests, and to keep a database of data about the user's location. In that regard, the S3 bucket is a valuable tool to understand how many users are using Jack'd, since it is a way to identify individuals who are actively using this application.

Amazon Web Services' Simple Storage Service powers countless numbers of Web and mobile applications. Unfortunately, many of the developers who build those applications do not adequately secure their S3 data stores, leaving user data exposed—sometimes directly to Web browsers.

But it's not always easy to be proactive about sharing data. The security of users' data isn't easy to pin down, and there are many different ways in which users might misuse this service. For example, it could be that a user has turned on a security guard to protect data belonging to those who share it, or that the user is using a malicious third-party service. In those cases, a user may be able to take advantage of the services by using Jack'd's cloud service to encrypt data and then posting it to a S3 bucket in the Cloud Storage portal. This could open up a number of possible scenarios, all of which involve the use of a compromised cloud server.

So far, the security of individual users' data has been far from a priority. We are seeing a steady uptick in data breaches this summer, with nearly 50 million accounts of credit card data being stolen in a few months. Some of these attacks are just for fun, while others are necessary to track down unauthorized users.

But it's not really clear if Jack'd and Simple Storage Service would be a suitable solution for all of these kinds of data breaches. Even so, it would be interesting to see whether a company like Amazon Web Services would be able to address some of these concerns—and whether it would be able to make it work for all of its users.

The New Web and Mobile Applications

Although some of the new applications are already in use on Amazon's platform, many of the new ones are not yet being developed or tested on the AWS S3, and all have a unique API that is being added to provide a more convenient way to access the data hosted on the new service in the cloud.

I will write more about the new applications and services in a separate post, with some of the new apps as of this writing.