undefined | Better HN

0 pointsceejayoz4y ago0 comments

Intent tends to matter.

I once reported an exposed AWS access key (someone posted it to StackOverflow) to AWS support and they weren't quite sure what to do with it; gave me instructions on how to disable it in the Console, but it wasn't mine.

I gave up after a couple rounds and just committed it to Github; their credential monitoring bot disabled it within seconds.

0 comments

Aeolun4y ago

> their credential monitoring bot disabled it within seconds

This is Amazon’s monitoring bot right?

bombcar4y ago

It’s a GitHub feature: https://docs.github.com/en/code-security/secret-security/abo...

tinus_hn4y ago

I’m not sure what that anecdote says about the legality of using these keys to authenticate as someone you’re not.

ceejayozOP4y ago

I misused someone's credentials with good intent. It's an example of why intent matters, and the CFAA (and lots of other laws) includes wording like "knowingly and with intent to x" in quite a few spots.

j / k navigate · click thread line to collapse