{"id":10438,"date":"2014-03-24T13:35:16","date_gmt":"2014-03-24T13:35:16","guid":{"rendered":"http:\/\/cloudnewsdaily.com\/?p=14954"},"modified":"2014-03-24T13:35:16","modified_gmt":"2014-03-24T13:35:16","slug":"developers-hit-with-big-unexpected-aws-bills-thousands-on-github-exposed","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/developers-hit-with-big-unexpected-aws-bills-thousands-on-github-exposed\/","title":{"rendered":"Developers Hit With Big, Unexpected AWS Bills, Thousands on GitHub Exposed"},"content":{"rendered":"<\/p>\n<p>Amazon Web Services (AWS) is urging developers using the code sharing site GitHub to check their posts to ensure they haven&#8217;t inadvertently exposed their log-in credentials.<\/p>\n<p>When opening an account, users are told to \u201cstore the keys in a secure location\u201d and are warned that the key needs to remain \u201cconfidential in order to protect your account\u201d.\u00a0However, a search on GitHub reveals thousands of results where code containing AWS secret keys can be found in plain text, which means anyone can access those accounts.<\/p>\n<p>From a security perspective it means they can basically go in and gain access to any of the files that are stored in the AWS account.<\/p>\n<p>According to an AWS statement, \u00a0&#8221;When we become aware of potentially exposed credentials, we proactively notify the affected customers and provide guidance on how to secure their access keys,&#8221;<\/p>\n<p>There is more detail (and some cautionary tales involving big, and unexpected, AWS bills) <a href=\"http:\/\/www.itnews.com.au\/News\/375785,aws-urges-developers-to-scrub-github-of-secret-keys.aspx\">here<\/a>.<\/p>\n<div class=\"zemanta-pixie\" style=\"margin-top: 10px; height: 15px;\"><img decoding=\"async\" class=\"zemanta-pixie-img\" style=\"border: none; float: right;\" alt=\"\" src=\"http:\/\/img.zemanta.com\/pixy.gif?x-id=148a7a0c-1dd7-4888-981d-18e445e66d1f\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/CloudNewsDaily\/~4\/j5fRdjt8c-Q\" height=\"1\" width=\"1\"\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amazon Web Services (AWS) is urging developers using the code sharing site GitHub to check their posts to ensure they haven&rsquo;t inadvertently exposed their log-in credentials. When opening an account, users are told to &ldquo;store the keys in a secure location&rdquo; and are warned that the key needs to remain &ldquo;confidential in order to protect [&#8230;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[136,56,57,1273],"tags":[118],"class_list":["post-10438","post","type-post","status-publish","format-standard","hentry","category-amazon-aws","category-amazon-web-services","category-aws","category-github","tag-security"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/10438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=10438"}],"version-history":[{"count":0,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/10438\/revisions"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=10438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=10438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=10438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}