Security
- Welcome.
- Scribe, Chat, Stenography.
- MeetEcho, Mic & Chat Etiquette.
- Ratings Where Appropriate.
- Approve Minutes from RIPE 90.
- New Meeting System - Pretalx.
- Finalise agenda.
- Code of Conduct.
As cloud adoption accelerates, the operational risks associated with misconfigured storage services like AWS S3, Google Cloud Storage, and Azure Blob Storage continue to grow. One critical but often overlooked threat is the leakage of sensitive secrets -- such as API keys, database credentials, and access tokens -- through publicly exposed configuration files.
In this talk, we present findings from a large-scale scan of publicly accessible cloud buckets, where we identified 215 real-world cases…
Miscreants use domain names for malicious purposes such as phishing websites or fake webshops. Reactive approaches such as blocklists play an important role in fighting such abuse but have limitations, namely that the domains are typically only included in such a list after abuse has been reported (e.g., there may already be some victims). We propose RegCheck, a system designed to proactively flag suspicious domains at registration time. The core of RegCheck is a machine learning classifier tha…