bion howard
@adrianhall https://en.wikipedia.org/wiki/Vulnerability_(computing) A resource (either physical or logical) may have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially...
Tired of games. Just sent the following email to Adrian Hall and Saroj Thatte and Jeff Bezos: --- I don't know how long I have to be relentless about this...


[https://en.wikipedia.org/wiki/Health_Information_Technology_for_Economic_and_Clinical_Health_Act](https://en.wikipedia.org/wiki/Health_Information_Technology_for_Economic_and_Clinical_Health_Act) [https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act](https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act) [https://en.wikipedia.org/wiki/False_advertising](https://en.wikipedia.org/wiki/False_advertising) ?
I forgive AWS for this delay because I didn’t realize the severity of the issue myself either. Azure and GCP also verify these fields independently. Only noticed this because I’m...
1. More Forms (not so bad, just crappy UX) 2. Confirm Accounts with Any Email (not so bad, sure) 3. Deny Accounts with Any Email
@elorzafe @adrianhall Here's some code to fix this issue (from above) **Client:** Auth.signUp(userData) Auth.confirmSignUp(emailCode, phoneCode) **Server:** const signup = (req, res) => { // do email and phone already exist...
@undefobj Thanks, considering this... Ever get robo dialed? I do, a lot. **_Even comes from my own telephone number sometimes._** Clearly, it is easy for anyone to generate phone numbers...
@undefobj It’s a bug, not a feature. HIPAA compliance eligibility is already advertised as a production feature of Cognito; this vulnerability prevents the Cognito system from being highly available in...