Lock the front door, you chumps
A British video-editing startup exposed what is claimed to be "thousands" of user-uploaded videos, including family films and home-made pornography, in an unsecured Amazon AWS bucket.
Research by Noam Rotem and Ran Locar, for security biz vpnMentor, revealed that VEED.io left an AWS bucket completely unsecured and hosting what they summarised as "10,000s of videos" that were accessible to anyone visiting the bucket's URL.
VEED bills itself as an online video-editing service that lets users add subtitles, text, effects and more to uploaded videos. A free tier allows this to be done for videos in 240px quality; anything better than that needs a subscription.
Rotem and Locar found that one could visit the landing page hosting the videos with a web browser and theoretically look through them at one's leisure without needing to provide ..
Support the originator by clicking the read the rest link below.
