TL;DR: Setting up access control for AWS S3 involves multiple levels, each with its own unique risk of misconfiguration. We will go through the specifics of each level and identify the dangerous cases where weak ACLs can create vulnerable configurations impacting the owner of the S3 bucket and/or through third-party assets used by a lot of companies. We also show how to do it properly and how to monitor for these sorts of issues.
Popular Google Chrome extensions are constantly tracking you by default, making it very difficult or impossible for you to opt out. These extensions will receive your complete browsing history, all your cookies, your secret access tokens used for authentication (e.g., Facebook Connect) and shared links from sites such as Dropbox and Google Drive. The Detectify team has identified how they are doing it and what options you have to avoid being affected by it.
So there’s this rumour that Apple iCloud has been hacked, and a lot of celebrities’ private photos are being leaked, which is quite evident. The leak started at 4chan.org on Sunday, at around 4pm. However, very little evidence seems to be public (at the time of writing). So we’ll try to clarify what may have happened.