CyberWire Daily cover image

CyberWire Daily

Leaking your AWS API keys, on purpose? [Research Saturday]

Nov 30, 2024
Noah Pack, a SANS Internet Storm Center intern, dives into the fascinating world of AWS API keys. He shares the alarming risks associated with accidental leaks and the surprising outcomes of his experiment where keys were intentionally exposed. The discussion covers protective measures like canary tokens and the importance of security tool integration. Noah emphasizes the critical need for identity management and proactive security practices to shield businesses from potential chaos. His real-world insights underscore why every developer should care about credential safety.
26:30
Creator website

Episode guests

Noah Pack

Podcast summary created with Snipd AI

Quick takeaways

  • Leaking AWS API keys can lead to severe security risks, illustrated by an intern's experience with immediate attempts to access his email after sharing sensitive information.
  • Using canary tokens embedded within applications allows security researchers to effectively monitor unauthorized access attempts and gain insights into the motivations of potential attackers.

Deep dives

The Risks of Hard-Coded Credentials

Hard-coding credentials, such as AWS API keys, poses significant security risks for developers and organizations. An intern's experience illustrates this danger when he embedded sensitive information in a script shared on GitHub, resulting in immediate attempts to access his email account. Although he faced no negative consequences, the incident serves as a reminder that similar practices in larger projects could result in severe financial damage and data breaches. Such vulnerabilities often arise from a lack of awareness regarding safe programming practices, especially among those new to coding.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode