Bucketsquatting Is (Finally) Dead
For a decade, I have been working with AWS and third-party security teams to resolve bucketsquatting / bucketsniping issues in AWS S3.
Bucketsquatting (sometimes called bucketsniping) is an issue I first wrote about in 2019, and it has been a recurring issue in AWS S3 ever since.
If you’re interested in the specifics of the problem, I recommend you check out my original post on the topic: S3 Bucket Namesquatting - Abusing predictable S3 bucket names.
For Azure Blob Storage, storage accounts are scoped with an account name and container name, so this is far less of a concern.
The namespace protects you from bucketsquatting attacks, and you should use it for any S3 buckets you create.
1 hour ago @ onecloudplease.com
