• Cyber Safety
  • Posts
  • “Broken Defaults”: Misconfig, Legacy Access & Silent Permissions

“Broken Defaults”: Misconfig, Legacy Access & Silent Permissions

October 27, 2025

In partnership with

Read newsletters, not spam

Tired of newsletters vanishing into Gmail’s promotion tab — or worse, being buried under ad spam?

Proton Mail keeps your subscriptions organized without tracking or filtering tricks. No hidden tabs. No data profiling. Just the content you signed up for, delivered where you can actually read it.

Built for privacy and clarity, Proton Mail is a better inbox for newsletter lovers and information seekers alike.

Default Admin Roles Are Rarely Reviewed Post-Deployment

SaaS platforms often assign full admin rights to the first user. Years later, those rights remain, even for users who no longer need them.

Misconfigured S3 Buckets and Cloud Storage Still Abound

Despite years of breaches, public access on S3, Azure Blob, or Google Cloud buckets remains a common misstep — often caused by automation scripts or old templates.

Firewalls Relying on Source IPs Alone Are Easily Bypassed

Default security groups or ACLs that whitelist specific IPs are being bypassed via VPNs, proxies, or cloud-based pivots that spoof origin.

Find out why 100K+ engineers read The Code twice a week.

That engineer who always knows what's next? This is their secret.

Here's how you can get ahead too:

  • Sign up for The Code - tech newsletter read by 100K+ engineers

  • Get latest tech news, top research papers & resources

  • Become 10X more valuable

Legacy Applications Retain Deprecated Permissions

Old systems often keep admin features or hardcoded credentials even after updates — especially when "backward compatibility" is prioritized over security.

Orphaned Access in IAM Is Becoming a Norm

Users who changed teams or left the company often retain unnecessary group memberships, app roles, or shared drive access long after departure.

Defaults Still Permit Auto-Install of Unvetted Apps

In many organizations, end users can install browser extensions, VS Code packages, or desktop apps without review — opening the door to malware-laced tools.

The Gold standard for AI news

AI will eliminate 300 million jobs in the next 5 years.

Yours doesn't have to be one of them.

Here's how to future-proof your career:

  • Join the Superhuman AI newsletter - read by 1M+ professionals

  • Learn AI skills in 3 mins a day

  • Become the AI expert on your team