Conversation

If I'm reading the complaint correctly, the recent Capital One breach which leaked information on 100M customers took place because an attacker was able access IAM Role credentials on an EC2 instance. I feel like it's a good time to repost this: daemonology.net/blog/2016-10-0

211

Colin Percival

@cperciva

Jul 30, 2019

The complaint doesn't specify *how* the attacker accessed said IAM Role credentials -- for all I know she might have gained root on the instance, in which case nothing would have kept her away from the credentials.

Colin Percival

@cperciva

Jul 30, 2019

But regardless of what level of access she had, this case reinforces the fact that IAM Role credentials are dangerous and you need to be careful with them. Exposing them to anyone who can launch a SSRF attack is like playing with a live hand grenade: Eventually it *will* explode.

Wes

@weskerfoot

Replying to

@cperciva

Sounds like something that could be mitigated if more software were written with tools like Capsicum to allow for POLA so you can't make arbitrary requests to things unless granted capabilities to access them.

9:10 PM · Jul 30, 2019Twitter Web Client