DEFCON talk mentions rclone as target

Apparently at some hacker confab called DEFCON, an anonymous participant is planning a talk/demonstration on compromising seedboxes (much of which is applicable to servers as well): "Mass Owning of Seedboxes - A Live Hacking Exhibition" Anon, Hacker - DEF CON Forums

The hacker has put up the slides for the talk/demonstration here

This would be of limited interest here but for the first bullet point on slide 10:

• Rclone.conf is a great target

It's not clear from the slides what it is that makes .rclone.conf a "great target" (beyond "plaintext creds") and I'm not really competent to guess, but others might be.

Make of this what you will.

Actually the last slide gives a good summary - and it is 100% right :)

Be careful…
Seedboxes protect you from your ISP - but that is all they do.
Your data is still at risk. Your data can/will be found.
If you pay for illegal things don’t get mad when they are stolen.
Don’t expect admins who run seedboxes to know anything about security.
Don’t put API keys or passwords on seedboxes… you moron.
The FEDs could be doing these same attacks. I could see the real source IPs for all other users in last logs.
Lots of people used their same username on different providers.
Lots of people would tunnel data back to their home machine, or SSH to other boxes, like idiots.

FUD, just use your brain and you're good to go...

Just to be clear: if someone has your rclone.conf they have access to your cloud account(s) in it.
Don't leave rclone.conf on your seedbox if you are not actively using it.
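
A defender-side check for the point made in the reply above, as an added example that is not part of the original thread or rclone's own code: it reports which remotes in an rclone.conf hold readable credentials, and whether the file is password-protected or accessible to other accounts on the box. The `SECRET_KEYS` list, the sample configs and the helper names are assumptions made for this example; rclone's obscured `pass` values are reversible, so they are counted as exposed.

```python
import configparser
import os
import stat
import tempfile

# Option names treated as credentials. Assumed list for this example;
# it is not an exhaustive inventory of rclone backend options.
SECRET_KEYS = {"token", "pass", "password", "client_secret",
               "secret_access_key", "service_account_credentials"}
ENCRYPTED_MARKER = "RCLONE_ENCRYPT_V0:"  # header line of a password-protected config

# Constructed sample configs (placeholder values, not real credentials).
SAMPLE_PLAINTEXT = """[gdrive]
type = drive
client_secret = EXAMPLE-SECRET
token = {"access_token":"EXAMPLE","refresh_token":"EXAMPLE"}

[sftpbox]
type = sftp
host = backup.example.net
pass = EXAMPLE-OBSCURED-VALUE
"""
SAMPLE_ENCRYPTED = "# Encrypted rclone configuration File\n\nRCLONE_ENCRYPT_V0:\nQ09OU1RSVUNURUQ=\n"

def write_sample(text, mode):
    """Write a constructed config to a temp file with the given permissions."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

def audit_rclone_conf(path):
    """Report which remotes hold readable credentials, without printing them."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    report = {"mode": oct(mode), "others_can_access": bool(mode & 0o077),
              "encrypted": False, "exposed": {}}
    if ENCRYPTED_MARKER in (line.strip() for line in text.splitlines()[:5]):
        report["encrypted"] = True  # secrets are not readable without the password
        return report
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(text)
    for remote in parser.sections():
        found = sorted(k for k in parser[remote] if k in SECRET_KEYS and parser[remote][k].strip())
        if found:
            report["exposed"][remote] = found
    return report

if __name__ == "__main__":
    for sample in (SAMPLE_PLAINTEXT, SAMPLE_ENCRYPTED):
        print(audit_rclone_conf(write_sample(sample, 0o644)))
```

The encrypted form is what rclone writes once a configuration password has been set through `rclone config`.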