
Really interesting write up! I'm surprised they are still running in EC2-Classic. However, even if they are, security groups should still be restrictive enough to prevent some of the things discussed. For example, bypassing the load balancer shouldn't be possible. A security group applied to the back end instances should only allow HTTP/S traffic from the load balancer group. SSH security groups should only allow inbound traffic from known IPs (like the office network), etc. Unfortunately, not enough people do this, and once you can query instance meta data or obtain an SSH key, it's game over.
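The rules described in the comment above, as an added example that is not part of the thread: a Python check over security group data in the shape returned by EC2 `DescribeSecurityGroups`. The group IDs, CIDRs and the `covers` and `audit` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeSecurityGroups output.
# Group IDs and CIDRs are placeholders, not values from the write-up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-backend-ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/28"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-backend-weak", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "-1",  # all protocols, all ports
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}], "UserIdGroupPairs": []},
    ]},
]

def covers(perm, port):
    """True if the rule admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(groups, lb_group, office_cidrs):
    """Return (group, port, source) for every rule that breaks the policy."""
    office = [ipaddress.ip_network(c) for c in office_cidrs]
    findings = []
    for g in groups:
        for perm in g["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            for port in (80, 443):
                if covers(perm, port):
                    # Web ports: the load balancer's group is the only valid source.
                    findings += [(g["GroupId"], port, s)
                                 for s in cidrs + peers if s != lb_group]
            if covers(perm, 22):
                # SSH: every source CIDR must sit inside a known network.
                for c in cidrs:
                    net = ipaddress.ip_network(c, strict=False)
                    if not any(net.version == o.version and net.subnet_of(o)
                               for o in office):
                        findings.append((g["GroupId"], 22, c))
    return findings
```

The "-1" rule in the weak group is the case that is easy to miss: it names no port, yet it opens 80, 443 and 22 at once.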



> once you can query instance meta data or obtain an SSH key, it's game over

It's usually the public SSH key which is stored in instance metadata. IAM roles/STS is much scarier in this case.



