Following this closely. Note that as far as anyone can tell, neither was using the MFA option for control panel access.
bonsai said they suspect a compromised API key, I don't pay enough attention to AWS to know if/how an API key can be leveraged to get console access. On Thu, Jun 19, 2014 at 8:00 AM, Brandon Allbery <[email protected]> wrote: > On Thu, Jun 19, 2014 at 10:56 AM, Yves Dorfsman <[email protected]> wrote: >> >> Does anybody know what's going on (codespaces.com, bonzai.io)? >> >> Is it a series of people making obvious mistake (easily guesses password, >> keys spread to public places, etc...)? >> >> Or some new type of attack not so obvious, and that more sites thinking >> they are secure might be exposed to? > > > I wouldn't be surprised if it's the same kind of social engineering attack > that works so well to get access to payroll accounts (as reported every > other week or so by Krebs...). > > -- > brandon s allbery kf8nh sine nomine associates > [email protected] [email protected] > unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net > > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
