Great video. Reminded me of the fact that it seems like 95% of the work in AWS is around permissions. :)
Not sure if it matters, but you hid your account login name, then it's visible on the next screen after you clicked login.
Nice catch! Saw the same thing you did, and I had the same reaction. MAYBE (hopefully 🫤) it's a public-facing account used for demos, at least I hope so. Security auditing is my main gig (mostly red teaming, aka "uuhh, your EDR is down brah?" kinda work), and reading comments like yours makes me happy. I'm glad that more people are tuned into and aware of these SEEMINGLY tiny details; tiny details that can be used to take over and lock someone out of their account(s) before they even realize they made a mistake.
I know the number of people clued into this kinda stuff isn't nearly as large as it should be, especially with the ubiquity of network infrastructure, but considering that people still won't take the literal seconds out of their day to change default passwords when they buy new hardware, well, ANY win is worth pointing out!
And to any of the FAR TOO COMMON "is it REALLY that big of a deal? It was on the screen for like a second . . . " type of commenter . . . . TWO things.
First of all: 😳.
Second, even without a password, there are SO MANY NASTY THINGS that someone with motivation and know-how can do with JUST a username . . . . ESPECIALLY ON AWS!
🙂🐧🐧🙂
Yo! Great video and where can I get that orange USB cable so I don't have to keep so many different cables around lol
Super helpful: www.sparkfun.com/products/21271
Hello, I followed the video step by step, but in the end I get the error:
[I] AWS IoT: connecting to MQTT endpoint (my server) . . . . . [E] AWS IoT: MQTT connection failed. Error Code: -2
Logging output is:
[W] AWS IoT disconnected - reconnecting . . . . . . . [E] AWS IoT: MQTT connection failed. Error Code: -2
Followed by my data
Do you have any suggestions?
Why so they can sell it to high frequency trading firms to be used to steal money from retail investors?
I would expect more professional names :) instead of just ..._2_ for thingsname and ... (1) ... for filenames.