Andrew Ayer
The CT Honeypot has important implications for how web applications should be designed. (1/4)
Andrew Ayer 5 Nov 2018
Replying to @__agwa
Many webapps are installed in an unconfigured state, and you visit the app through the browser to set an admin password. This was always a race against attackers, but in the past you'd usually win. Thanks to CT, attackers learn about and probe new hostnames within minutes. (2/4)
Andrew Ayer 5 Nov 2018
Replying to @__agwa
Unless you visit the app to configure it right away, attackers will find it, take it over, and use it for malware, phishing, spam, etc. (3/4)
Andrew Ayer 5 Nov 2018
Replying to @__agwa
If you're designing a webapp, have the initial admin password be configured out-of-band rather than through the browser. If you know of a webapp that sets the initial admin password through the browser, file a bug, citing the CT Honeypot research. (4/4)
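The race the thread describes, and the out-of-band fix it recommends, as an added example that is not part of the thread or of any real web app. It models a fresh install in memory: the "vulnerable" setup handler lets whoever reaches the setup page first choose the admin password; the "hardened" handler refuses unless the request carries a bootstrap token that the install step handed to the operator through a channel the network never sees (console output, a local file, configuration management). The names (`AppState`, `install`, `vulnerable_setup`, `hardened_setup`, `simulate_race`) and the constructed attacker/operator passwords are assumptions for illustration only.

```python
"""Added example, not from the thread: browser-set vs out-of-band initial admin password."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

PBKDF2_ITERATIONS = 100_000  # illustrative work factor; tune for your deployment


@dataclass
class AppState:
    """Persistent state of a freshly installed web app (in memory for the example)."""
    admin_salt: Optional[bytes] = None
    admin_hash: Optional[bytes] = None
    setup_token: Optional[str] = None  # bootstrap secret; only the hardened flow uses it


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _store_admin(state: AppState, password: str) -> None:
    state.admin_salt = secrets.token_bytes(16)
    state.admin_hash = _hash_password(password, state.admin_salt)


def verify_login(state: AppState, password: str) -> bool:
    """True if `password` is the configured admin password (constant-time compare)."""
    if state.admin_hash is None or state.admin_salt is None:
        return False
    return hmac.compare_digest(_hash_password(password, state.admin_salt), state.admin_hash)


# --- The pattern the thread warns about: first visitor to /setup becomes admin ---
def vulnerable_setup(state: AppState, form: Dict[str, str]) -> int:
    """Returns an HTTP-style status. Anyone who finds the hostname first wins."""
    if state.admin_hash is not None:
        return 403  # already configured; too late for the legitimate operator
    _store_admin(state, form["password"])
    return 200


# --- The recommended pattern: bootstrap secret is created and delivered out of band ---
def install(state: AppState, deliver_secret: Callable[[str], None]) -> None:
    """Run locally at install time, before the hostname exists in any certificate.

    `deliver_secret` is the out-of-band channel (print to console, write a root-only
    file, push to config management); the browser setup page never hands it out.
    """
    state.setup_token = secrets.token_urlsafe(32)
    deliver_secret(state.setup_token)


def hardened_setup(state: AppState, form: Dict[str, str]) -> int:
    """Only a request that proves knowledge of the install-time token may set the password."""
    if state.admin_hash is not None:
        return 403
    if state.setup_token is None:
        return 503  # install step never ran: refuse rather than let the first visitor in
    presented = form.get("setup_token", "")
    if not hmac.compare_digest(presented.encode(), state.setup_token.encode()):
        return 403
    _store_admin(state, form["password"])
    state.setup_token = None  # single use; a replay after setup gets 403 above
    return 200


def simulate_race(setup_fn, with_install: bool) -> str:
    """Attacker (tipped off by CT) hits /setup first; the operator arrives afterwards.

    Returns who can log in as admin at the end: "attacker", "operator" or "nobody".
    """
    state = AppState()
    delivered: Dict[str, str] = {}
    if with_install:
        install(state, lambda token: delivered.__setitem__("token", token))
    # Constructed request bodies: the attacker can only guess at the token.
    setup_fn(state, {"password": "attacker-pw", "setup_token": "guess"})
    setup_fn(state, {"password": "operator-pw", "setup_token": delivered.get("token", "")})
    if verify_login(state, "attacker-pw"):
        return "attacker"
    if verify_login(state, "operator-pw"):
        return "operator"
    return "nobody"


if __name__ == "__main__":
    print("browser-set password:", simulate_race(vulnerable_setup, with_install=False))
    print("out-of-band token:   ", simulate_race(hardened_setup, with_install=True))
```

The two flows differ only in where the bootstrap secret comes from: in the hardened flow it exists before the service is reachable and is compared in constant time, so an attacker who learns the hostname from a CT log has nothing to race. The same shape works if the install step sets the admin password itself from a CLI or environment variable and the web setup page is removed entirely.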