Russ Garrett on Nostr:
FYI: the VW Volksdaten exploit wasn't quite an open S3 bucket - they managed to remotely extract AWS keys from a JVM heap dump using this (terrible) default configuration issue in older versions of "Spring Boot Actuator": https://www.wiz.io/blog/spring-boot-actuator-misconfigurations#1-exposed-heapdump-file-16
But also VW claimed they were truncating the precision of stored coordinates, but for a load of car models they weren't...
Hopefully there will be a full writeup somewhere soon, it was quite a good talk.
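
A defender-side check for the Actuator setting mentioned in the post, added here as an example and not part of the original post or the talk: it reads `application.properties` text and reports whether the heapdump endpoint would be exposed over HTTP. It assumes Spring Boot 2.x property names and semantics; `heapdump_web_exposed()` and the sample configs are constructed for illustration.

```python
import re

# Assumption: Spring Boot 2.x Actuator property names.
EXPOSURE = "management.endpoints.web.exposure."


def parse_properties(text):
    """Parse simple key=value / key: value lines, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props


def _ids(props, key, default=""):
    """Return the comma-separated endpoint ids of a property as a set."""
    return {v.strip().lower() for v in props.get(key, default).split(",") if v.strip()}


def heapdump_web_exposed(text):
    """True if the config enables heapdump AND exposes it over the web."""
    props = parse_properties(text)
    # The default include list never contains heapdump.
    include = _ids(props, EXPOSURE + "include", "health")
    exclude = _ids(props, EXPOSURE + "exclude")
    default_on = props.get("management.endpoints.enabled-by-default", "true").lower() == "true"
    enabled = props.get("management.endpoint.heapdump.enabled", str(default_on)).lower() == "true"
    included = bool({"*", "heapdump"} & include)
    excluded = bool({"*", "heapdump"} & exclude)  # exclude wins over include
    return enabled and included and not excluded


# Constructed sample configurations.
WEAK = "management.endpoints.web.exposure.include=*\n"
EXCLUDED = WEAK + "management.endpoints.web.exposure.exclude=heapdump,env\n"
HARDENED = (
    "# expose only what monitoring needs\n"
    "management.endpoints.web.exposure.include=health,info\n"
    "management.endpoint.heapdump.enabled=false\n"
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("excluded", EXCLUDED), ("hardened", HARDENED)):
        print(name, "-> heapdump exposed:", heapdump_web_exposed(cfg))
```

The check looks only at Actuator properties; it does not account for Spring Security rules or a separate management port, so a `True` result means the deployment needs review rather than that the endpoint is confirmed reachable.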