Michael Chan

905 posts

Michael Chan

@mchancloud

Father of two boys, guitar and uke player. Identity, GenAI, and security architect. My opinions are my own.

Chicago, IL 가입일 Mart 2014

311 팔로잉1.1K 팔로워

고정된 트윗

Michael Chan@mchancloud·21 Şub

🔐If you ever need to call the AWS IAM or STS APIs, or want a snapshot of your IAM resources (users, roles, and policies), or just want to learn more on IAM's behavior, check out my two-part blog on this topic! aws.amazon.com/blogs/security…

English

3.7K

Michael Chan@mchancloud·8 Ağu

It's these types of exploits that make me extra careful when reviewing the security apps that use LLMs.

Tamir Ishay Sharbat@tamirishaysh

We got ChatGPT to leak sensitive data from your Google Drive data back to OUR servers. And you’ll never even know it happened. All by sharing a single document. A real 0-click data exfil attack. Here’s a detailed breakdown of how we did it 🧵 #DEFCON #BHUSA @mbrg0

English

142

Michael Chan@mchancloud·14 Oca

@canva If this isn't reflective of your sales culture, then I'd appreciate a DM on how we can resolve this. My job is to review vendors on their AI-related security controls, and up to now all vendors have willingly complied, enterprise version or not. @canva thoughts?

English

Michael Chan@mchancloud·14 Oca

Hey @canva, you told us that you wouldn't answer security questions "without purchase of the Enterprise version". Is this reflective of your attitude towards customers who care about security, privacy, and compliance especially with the concerns everyone has around AI? Do better!

English

167

Michael Chan@mchancloud·28 Ağu

I'd recommend this anyone needed to skill up on AWS IAM!

English

206

Michael Chan@mchancloud·22 Ağu

While not working on ☁️IAM security🔒, I've had to dive in Microsoft Copilot & Copilot Studio security. Copilot Studio is a no/low-code agent and chatbot platform with many integrations to your MS tenant, SNOW, Facebook, etc. Make sure your developers configure this securely!

Michael Bargury@mbrg0

a short summary of all new attack vectors, lol techniques and tools we published at bh/dc (400 words) labs.zenity.io/p/summary-zeni…

English

300

Michael Chan@mchancloud·29 Haz

A 🪲 bug with Google Search's AI Overview feature? Either way its completely incoherent.... in repudiateas in scowlas in spurnas in turn downas..!

English

142

Michael Chan 리트윗함

Arynn Crow@arynncrow·3 Oca

ICYMI!

AWS Identity@AWSIdentity

In mid-2024, we're enhancing your sign-in experience. 🌟 Expect a new UI for root & IAM users and an updated switch role page. Improved navigation for a seamless sign in experience. 💡 Discover more in our latest blog: go.aws/3v2jHj7

Polski

518

Michael Chan@mchancloud·18 Ara

Happy holidays everyone! Wishing you all a happy and secure Christmas season. Gingerbread house kit courtesy of @wiz_io and @SolvangBakery.

English

396

Michael Chan 리트윗함

Ilya Epshteyn@IlyaEpshteyn·2 Kas

Awesome to see this in the docs now! Also check out this great session from @colmmacc where he covers FAS: youtube.com/watch?v=4J8REv…

YouTube

Michael Chan@mchancloud

👉For those who want more on AWS security internals, we finally have a great page describing Forward Access Sessions, the vehicle by which many AWS services does things on behalf of you. docs.aws.amazon.com/IAM/latest/Use… @AWSIdentity

English

615

Michael Chan@mchancloud·2 Kas

English

9.9K

Michael Chan 리트윗함

kat traxler@NightmareJS·2 Eki

As of next year, #google will require premium subscriptions for things like IAM Recommender, Role Insights, etc. This is the OPPOSITE of their mantra calling for shared fate instead of the shared responsibility model. A massive loss in credibility.

GCP Weekly@gcpweekly

Policy Intelligence update on September 28, 2023 cloud.google.com/policy-intelli… #googlecloud After January 15, 2024, some Policy Intelligence features will only be available for customers with organization-level activations of Security 1/2

English

19.6K

Michael Chan 리트윗함

Peter C@itspeterc·2 Eki

Big pricing change to a valuable GCP security feature for least-privilege IAM. Requiring the org-level SCC Premium bundle instead of a pay-as-you-go per-service price will be prohibitively expensive and detrimental to security for many customers in the long run. @philvenables

GCP Weekly@gcpweekly

English

10.2K

Michael Chan@mchancloud·29 Eyl

Shame on you @googlecloud. Your competitor's AWS IAM Access Analyzer is free, and will likely remain so. If you cared about customer security, you're certainly not showing it.

English

198

Michael Chan@mchancloud·29 Eyl

"What will require SCC Premium: IAM Recommender, including lateral movement insights, role recommendations for non-basic roles, recommendations for custom roles, and recommendation for Google Cloud Storage buckets. Policy Analyzer at scale (above 20 queries per day)."

English

208

Michael Chan@mchancloud·29 Eyl

😠Wondering today why @googlecloud charges for security features that @awscloud gives away for free. Shouldn't customer security be paramount? "What will require Security Command Center Premium: IAM Recommender, including lateral movement insights, role recommendations ..."

English

1.6K

Michael Chan@mchancloud·20 Eyl

@benbridts What direction is that?

English

103

Ben Bridts‏@benbridts·20 Eyl

"This open source solution that AWS made will configure a landing zone for you" will keep making me sad about the direction Control Tower ended up taking

English

1.1K

Michael Chan@mchancloud·18 Eyl

Coming from someone reviewing the security controls that can be enabled in Azure, this isn't too comforting. AWS I know has a strong security culture, but much less sure about Microsoft.

Wiz@wiz_io

🔒 What happened? While releasing open-source training datasets, Microsoft's AI research team accidentally left the vault door open 👀 Over 38TB of data (!), including personal backups of employee workstations, private keys, and internal Microsoft Teams messages, were exposed.

English

433

Michael Chan@mchancloud·31 Ağu

Google's use of the vuln list cloudvulndb.org to claim better security than other CSP's is a classic example of misusing statistics by not understanding how the data has been curated and represented. @0xdabbad00

English

726

Michael Chan@mchancloud·14 Ağu

@alexadevs I was owed a May 13th payment, but its after 90 days, and according to your policy my money is now forfeit! I really hope this is not the case. I have upcoming payments as well :| Talking with Alexa support has not helped either.

English

Michael Chan@mchancloud·14 Ağu

Hey @alexadevs, my Alexa skill has earned $$ the past few months, but it's never been credited to my bank account even though I've provided the info as asked in the developer console. Can you assist? I hope no other devs have this issue!

English

265

탐색

@canva @wiz_io @SolvangBakery @colmmacc @AWSIdentity @philvenables @googlecloud @awscloud