this post was submitted on 29 Nov 2023
272 points (99.3% liked)

Ukraine

8285 readers
576 users here now

News and discussion related to Ukraine

*Sympathy for enemy combatants is prohibited.

*No content depicting extreme violence or gore.

*Posts containing combat footage should include [Combat] in title

*Combat videos containing any footage of a visible human must be flagged NSFW


Donate to support Ukraine's Defense

Donate to support Humanitarian Aid


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 year ago (1 children)

Probably because it's going to be something boring, like social engineering to get credentials, maybe a disgruntled employee or idiotic security configuration.

[–] [email protected] 7 points 1 year ago (1 children)

Boring is subjective. I’m always intrigued by how people gain access.

Although, I am aware of many of the techniques used I find it fascinating.

Darknet diaries is a great podcast for these kinds of things.

[–] [email protected] 2 points 11 months ago (1 children)

Security isn't really glamorous. Generally, you can just ask someone for their password and they will tell you. This takes a little bit of flair if you are blindly calling a company, but it can still work.

More often than not, people will just leave a server exposed on the Internet that has bad credentials. AWS makes this really easy to do with EC2, as an example.

Exotic attacks still happen though. Given that this is an just IPTV service show schedule, my first guess would be a blind SQL injection. That is not really "exotic". though.

[–] [email protected] 2 points 11 months ago

@remotelove @dependencyinjection
Agreed. Such things are usually keeping in a kind of sandbox, so even if you access this list, you cannot go further. From the other hand, properly configuring security on this level usually skipped due to luck of time/money/wishes.