OpenSecurity.global

Kevin Beaumont


Posts posted by Kevin Beaumont


  1. 6 hours ago, Mike James said:

    Damn, that is full on crazy! 😱

    But, at least it's fixed. Excellent work! 

    Yep it got fixed pretty quick when I tracked down the owner, the bucket had an employee name on it thankfully which let me track down the company. It’s been open for years so I hope no businesses put tokens and such in GET requests 😅 

    I found it by accident when looking for our business data being exposed. 


  2. Permissions fixed.

    Here's the list of data which was exposed:


  3. Indictment PDF: https://www.dropbox.com/s/z7u5rxcdajuvw6t/19718675504.pdf?dl=0

    A bunch of things stand out:

    • Why did the WAF account apparently have access to the S3 storage buckets?
    • Why wasn't the data of hundreds of millions of people's credit checks encrypted?  Should that kind of data have been left for so long in cloud buckets?
    • Why didn't they notice all these S3 buckets being sync'd to a random VPN IP address?  It happened 4 months ago.
    • Why didn't they notice the Gitlab pages listing their config?
    • Why didn't they notice until somebody random emailed them to tell them?

    I don't know if more details will go public (they probably don't want it to get to trial for obvious reasons).

    I guess lessons learned from outside looking in is:

    - Monitoring.  Ingest your cloud logs.  Alert against them.  Monitor sites like Github and Gitlab for obviously sensitive information, e.g. usernames, bucket names etc.

    And yes, this is the kind of incident that would (and still will) catch many orgs with their pants down, Capital One aren't alone.  It looks like the same person behind this one hit other fintech orgs too, looking at their online files - I'm going to guess they haven't noticed yet either.
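
    The "ingest your cloud logs, alert against them" lesson above, as an added example that is not part of the original post: a minimal detection over CloudTrail-style S3 records that flags a principal reading several buckets from an address outside the organisation's known ranges. The role ARNs, bucket names, IP ranges and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# S3 read-side API calls as they appear in the CloudTrail "eventName" field.
S3_READ_EVENTS = {"ListBuckets", "ListObjects", "GetObject"}

# Assumption: address ranges the organisation expects its roles to call from.
KNOWN_CIDRS = ["10.0.0.0/8", "192.0.2.0/24"]

# Hypothetical role sessions (constructed, not taken from the post).
WAF_ROLE = "arn:aws:sts::111122223333:assumed-role/example-waf-role/i-0123456789abcdef0"
APP_ROLE = "arn:aws:sts::111122223333:assumed-role/example-app-role/session1"


def _event(time, name, ip, arn, bucket=None, key=None):
    """Build one constructed record carrying the CloudTrail fields the detection reads."""
    params = None  # ListBuckets has no request parameters
    if bucket is not None:
        params = {"bucketName": bucket}
        if key is not None:
            params["key"] = key
    return {
        "eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
        "sourceIPAddress": ip, "userIdentity": {"type": "AssumedRole", "arn": arn},
        "requestParameters": params,
    }


# Constructed sample log: normal internal use, a small external read, a call made
# by an AWS service, and one role enumerating and reading four buckets from an
# unknown address.
SAMPLE_EVENTS = [
    _event("2024-01-15T09:00:01Z", "GetObject", "10.0.4.17", WAF_ROLE, "example-waf-config", "rules.json"),
    _event("2024-01-15T09:05:00Z", "GetObject", "198.51.100.20", APP_ROLE, "example-app-assets", "logo.png"),
    _event("2024-01-15T09:05:02Z", "GetObject", "198.51.100.20", APP_ROLE, "example-app-assets", "site.css"),
    _event("2024-01-15T09:30:00Z", "GetObject", "athena.amazonaws.com", APP_ROLE, "example-reports", "q.csv"),
    _event("2024-01-16T02:13:40Z", "ListBuckets", "203.0.113.77", WAF_ROLE),
]
for n, bucket in enumerate(["example-credit-apps", "example-backups", "example-exports", "example-logs"]):
    SAMPLE_EVENTS.append(_event(f"2024-01-16T02:14:{n:02d}Z", "ListObjects", "203.0.113.77", WAF_ROLE, bucket))
    for part in ("part-0001.csv", "part-0002.csv"):
        SAMPLE_EVENTS.append(_event(f"2024-01-16T02:15:{n:02d}Z", "GetObject", "203.0.113.77", WAF_ROLE, bucket, part))


def is_known_source(source, networks):
    """True if the caller address is inside a known range.

    CloudTrail puts a DNS name (e.g. "athena.amazonaws.com") in sourceIPAddress
    when an AWS service makes the call; this example treats those as known.
    """
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return True
    return any(addr in net for net in networks)


def find_bulk_s3_reads(events, known_cidrs, min_buckets=3):
    """Group S3 reads by (principal, source IP) and flag bulk access from unknown IPs.

    A group is flagged when it touched at least min_buckets distinct buckets, or
    when it called ListBuckets and then read at least one object.
    """
    networks = [ipaddress.ip_network(c) for c in known_cidrs]
    groups = defaultdict(lambda: {"buckets": set(), "objects": 0, "listed_all": False, "times": []})
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com" or ev.get("eventName") not in S3_READ_EVENTS:
            continue
        source = ev.get("sourceIPAddress", "")
        if is_known_source(source, networks):
            continue
        arn = ev.get("userIdentity", {}).get("arn", "unknown")
        group = groups[(arn, source)]
        group["times"].append(ev["eventTime"])
        params = ev.get("requestParameters") or {}
        if ev["eventName"] == "ListBuckets":
            group["listed_all"] = True
        if "bucketName" in params:
            group["buckets"].add(params["bucketName"])
        if ev["eventName"] == "GetObject":
            group["objects"] += 1

    alerts = []
    for (arn, source), group in sorted(groups.items()):
        if len(group["buckets"]) >= min_buckets or (group["listed_all"] and group["objects"] > 0):
            alerts.append({
                "principal": arn, "source_ip": source,
                "buckets": sorted(group["buckets"]), "objects_read": group["objects"],
                "listed_all_buckets": group["listed_all"],
                "first_seen": min(group["times"]), "last_seen": max(group["times"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_bulk_s3_reads(SAMPLE_EVENTS, KNOWN_CIDRS):
        print(alert)
```

    GetObject and ListObjects are S3 data events, which CloudTrail only records when data event logging is enabled for the buckets in question.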


  4. The browser just uses whichever certificate it has been provided via the network and validates it as usual, e.g. if the cert is signed by a CA it trusts and the certificate is valid, it doesn't show a warning.

    I don't have a link to hand re the Kazakhstan certificate but the website is reachable, it just tells you how to install it on different devices.


  5. 1 hour ago, Ian Chisholm said:

    I was SO hoping there would be something else!!!

    I guess you could have a break glass admin account outside of MFA policy - then use that to reconfigure things if things go wrong.  If you use Conditional Access I guess you could whitelist everything to bypass MFA then.


  6. 20 hours ago, Tim Casey said:

    What I still don’t understand: There are lots of root CAs in the cert store or browser. How does adding one, negate the others? Where is the logic that says “Use this CA and not the others” ?

    If somebody/something is intercepting the traffic at network layer, it can present whatever certificate it wants.  So say on a corporate network, you intercept the traffic and rewrite it to use a custom CA signed certificate - that way the client end trusts it, and you can see inside the traffic.


  7. 16 minutes ago, Tim Casey said:

    Do you have any documentation on how you do this? For MS systems you'd probably do a GPO as the certificates are in the OS. Firefox has its own.


    For Internet Explorer, Edge and Chrome you just inject it into the Windows CA store, you can do this with Group Policy.

    For Firefox, https://wiki.mozilla.org/CA/AddRootToFirefox

    In the case of Kazakhstan they just get people to manually import it.


  8. If you’re deploying at a greenfield site Azure Sentinel is pretty good as it’s very easy to get up and running, and cheap. And they have good built in threat detection and such. 

    The struggle with Splunk has been very real for me. I think it’s too big for many orgs. 


  9. 4 hours ago, james mckinlay said:

    nope - SIEM is designed not to protect but to empty the security budget - it has been a cash cow for HP, IBM, RSA etc etc -  and has distracted people away from root causes and real fixes

    What you really need is for me to shut up - and the people who love SIEM and SOC automation and Machine Learning to jump in here and support your PhD research

    SIEM solutions save my ass all the time, as does AV - it's the only way to have some insight and basic control in an organisation of this size, as I can't reinvent how the company does IT from within a Security Operations function.

    Problems occur around how companies deploy these technologies - e.g. with AV they often fail to set and enforce sane defaults (e.g. Windows Defender customers often don't turn on the MAPS telemetry - which is the best feature for protection) and look after the installations (e.g. in a company a few years into its current AV journey, you will often find hundreds+ of broken AV installations due to lack of disk space etc.).  With SIEM you'll find companies who spend big to splurge everything into the system, and then have no real detection rules.


  10. If it’s Palo-Alto, assuming you have SSL decryption set up (set it up) you can just block the application dns-over-https - Palo Alto use application classification where they look at the traffic and decide what it is, and they have definitions for the RFC standard for this. 

    Also keep your Palo-Alto upgraded 😅


  11. This is how enterprises monitor SSL traffic - e.g. here we install a self-signed root CA on every endpoint, and then intercept traffic.  Browsers have never protected against it.

    So as I'm browsing this at work in Chrome I see a valid certificate, but if I look it is signed by somebody else (i.e. my work):

    [screenshot]

    This site is also served with TLS 1.3, which many people in InfoSec think can't be intercepted - but it can as we do it.  TLS 1.3 has become another one of those InfoSec urban myths.


  12. 1 minute ago, Jack Whitter-Jones said:

    I must admit the site looks clean and slick. I love PHP and the frameworks that come with it. But some people loathe the language, I just don't understand why. It reminds me of C++ but for web.

    The site is just off the shelf stuff with minor tinkering.  I like PHP though, I think it's pretty easy to pick up.  It has a bad security reputation but you can harden it - e.g. here AppArmor is running on the webserver, and the PHP config disables unused and risky functions.


  13. 1 minute ago, Jack Whitter-Jones said:

    Nice to meet you all!

    Jack - I am a PhD student at the University of South Wales focusing my research in Security Operations with the aim of trying to reduce log burnout/analyst stress through the use of automation and machine learning. I teach software development in what most people find as the most hated language to touch web (PHP). I also mess around with phones and the such to frustrate forensic investigators.

    Nothing wrong with PHP.

    Bias notice: this site is coded in PHP.
