• sandalbucket@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    5 months ago

    And if google dorks aren’t interesting enough, because google does not index enough public buckets for you, then we get to learn about gray hat warfare too :)

    • stevedidwhat_infosec@infosec.pub
      link
      fedilink
      arrow-up
      8
      ·
      5 months ago

      Allow me to introduce the often abused Computer Fraud and Misuse act: https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

      If you’d like to lose the ability to use ANY sort of technology for decades if not indefinitely, go ahead with the greyhat stuff.

      The sector of lawfully using your knowledge for good is ever expanding and pays well. I’d strongly advise using your powers for good and dodge any unnecessary risk if you enjoy doing what you do.

      9/10 times, it ain’t worth the risk. Being strategic and thinking things over carefully (err on the side of least action) is going to benefit you

      • sandalbucket@lemmy.world
        link
        fedilink
        arrow-up
        15
        ·
        5 months ago

        My apologies, allow me to elaborate - grayhatwarfare.com is a cybersecurity company that crawls and indexes publicly-available blob stores, like s3 buckets, azure storage accounts, digital ocean spaces, and google cloud object stores. They offer limited search capabilities for free, no account-wall.

        They are a legitimate cybersecurity company, despite their name.

        My employer is working on a sensitive data scanning service, to alert clients in case their information surfaces in these buckets (even if they do not own the bucket), leveraging the grayhatwarfare api. In short, allowing us to detect and remediate the problem, which I hope you will agree is a white-hat activity :)

        I do not publicly condone breaking the law. I reserve the right to criticize the DMCA tho ;)