Highest Voted 'amazon' Questions - IT Security Stack Exchange

0

votes

1 answer

Amazon AWS S3 Unrestricted File Upload

While I was pentesting a web application, I found out that files that are uploaded to the web application are stored in an AWS S3 instance. Based on my experience, when a web application needs to store all types of files, including files with…

asked Jul 15 '21 at 03:35

Emanuel Beni

133
8

0

votes

2 answers

How might this Amazon account hack occur?

My mother recently had her Amazon account (buyer, not seller) hacked. She is not a security expert but does work in database management, so she is definitely not computer illiterate. I am also not a security expert but I work as a software engineer,…

account-security amazon

asked Jun 15 '20 at 06:25

k_ssb

101
4

0

votes

3 answers

Did I fall for an Amazon scam? (Amazon Photos Credit)

So just 30 minutes ago, I was looking through some emails that ended up in my scam, and as usual there are amazon emails with recommendations based on past purchases and stuff like that. Then there is these new email asking that if I were to upload…

spam amazon

asked Jun 14 '20 at 18:38

idealnacho

11
1
1

0

votes

1 answer

Why does Amazon verify a TLS certificate?

Show site information, then Connection for https://support.mozilla.org indicates Verified by: Amazon Why is this? Is Amazon spying on me?

tls certificates web-browser amazon

asked Mar 25 '19 at 14:56

Vater

9
3

0

votes

1 answer

Is amazon.com allowing authentication based on browser cookies only?

So I found out a couple of days ago that amazon.com has changed its behavior when trying to make a purchase. For years and up until recently, I could open a browser, log into amazon, close the browser. When I would open the browser again and direct…

amazon

asked Mar 18 '19 at 00:05

Ivan

11

0

votes

0 answers

Why was I not asked for CVV in amazon.com for my debit card?

I ordered some items in amazon.com .Payment mode was through mastercard debit and I was not asked for cvv. This is the first time i added the debit card though I initially had my credit card details added to my account. The card is tied to a non US…

amazon

asked Jan 16 '19 at 19:48

user197033

1

0

votes

2 answers

Blind SQL Injection on Amazon RDS

I found a vulnerability which allows me to run any query on an Amazon RDS server. I was able to extract the user hashes by using the --passwords parameter of sqlmap, and one of the hashes was cracked before. The thing is, I'm not sure that first the…

sql-injection mysql amazon

asked Oct 18 '18 at 12:28

Rob Gates

249
3
11

0

votes

1 answer

How to fix AWS security hole ALAS-2018-1045?

I am researching about the security hole CVE-2018-12020 and learned that you need to update to min version 2.2.8 to fix the issue. I need to fix this for my EC2. I read information from this offical AWS report, and it says that the security hole…

aws amazon

asked Oct 10 '18 at 10:08

Sơn Lâm

113
4

0

votes

2 answers

Email SPF record integrity

I have been reviewing my company's SPF record with a number of our SAAS providers. One service advised me to use 'include:amazonses.com' in my record to allow emails to be validated. I am rather hesitant in allowing Amazon's service API to be…

email cloud-computing email-spoofing amazon spf

asked Aug 16 '17 at 02:03

wildshane

1

0

votes

2 answers

Is Amazon Prime DRM able to scan a LAN for devices and services?

My company has signed up for Amazon Prime to watch some videos. They were asked to enable Amazon Prime DRM. Will this open up a security hole in our LAN? I am worried that they could start scanning everything. I can't find any real information…

drm amazon

asked Jun 29 '17 at 21:27

theakson

103
2

0

votes

2 answers

Looking for a CIS Bechmark Tool to run against Amazon Linux 2016.09

I have been tasked with ensuring the CIS Bechmark on Amazon Linux 2016.09. Does anyone know of an examination tool that will output the difference between the current and the benchmark? Unfortunately I cannot use one of the existing marketplace…

audit amazon

asked May 25 '17 at 16:25

Sam Hammamy

103
3

0

votes

1 answer

Network address (DNS) translation on Amazon Web Services (Ec2)

I am trying to figure out better ways to practice my computer defense/ infosec skills. If someone was to set up a honeypot (e.g., MHN) on AWS/EC2 server and then try to launch attacks from a local machine against it (e.g., Metasploit) why does the…

network exploit metasploit amazon aws

asked Feb 25 '17 at 23:11

userJoe

83
1
9

0

votes

2 answers

Best way to use http get with php server for mobile app

I am using an http server on Amazon Web Services running php and connecting to an RDS DB, also on AWS. I am sending GET requests to the server to get Information. The requests dont contain any private information. I am trying to think of the best…

php http amazon

asked Jan 04 '17 at 16:13

Yinon Eliraz

101
1

0

votes

0 answers

I have to send my broken Tablet back, what should I do with my data?

The display of my Fire Tablet is broken, so I cannot do anything on the device. A member of support told me, when I remove the Tablet from my Amazon account via web browser, all data will be removed. But I am still afraid of data leakage. What…

data-leakage amazon

asked Jul 11 '16 at 16:09

Motte001

137
6

0

votes

1 answer

MySQL database (non-SSL) connections secured via origin/destination IPs, how unsafe are they?

I am testing an Amazon RDS MySQL solution: the database is provided by Amazon RDS but the application logic (php scripts) that accesses the data is hosted in another, different (non-amazon) server. Suppose that for some reason I can't use MySQL SSL…

tls databases mysql amazon

asked May 10 '16 at 14:44

Eugenio

125
4

Questions tagged [amazon]