Forum List Message List New Topic Print View

unclepieman

April 20, 2011 11:10PM

Registered: 14 years ago
Posts: 80

I was easy... So you would use some admins stupidity to backup 23
years of experience? That makes no sense to me but hey its ok, its the
internet after all

Hope you find an answer to your problem

On 4/20/11, Cliff Wells <cliff@develix.com> wrote:
> On Wed, 2011-04-20 at 17:43 -0700, Payam Chychi wrote:
>> Cliff Wells wrote:
>> > On Thu, 2011-04-21 at 04:22 +0700, Joe wrote:
>> >
>> >> Put a daily backup on your databases. :)
>> >>
>> >
>> > That doesn't really solve the issue. Once someone has compromised the
>> > database, they can usually leverage that to gain wider system access.
>> >
>> > Cliff
>> >
>> >
>> >
>> > _______________________________________________
>> > nginx mailing list
>> > nginx@nginx.org
>> > http://nginx.org/mailman/listinfo/nginx
>> >
>> >
>> how does exploiting your db = wider system breach? sorry but that makes
>> no sense
>
> Easy. What data does your database store? Quite probably usernames and
> passwords. A fundamental truth is that people often use the same
> passwords for multiple services. If you can obtain the password for a
> company's CMS or Webmail application, chances are you now have their
> password for multiple services.
>
> For a recent and well-publicized example of this type of intrusion,
> Members of Anonymous hacked HBGary's database via a SQL-injection attack
> on their CMS, which eventually led to compromised email accounts. They
> then leveraged this to obtain more sensitive information via social
> engineering (using a stolen email address to get ssh passwords).
>
> http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
>
>> and ive been doing system/network security & networking for
>> over 10 years.
>
> Well, I've been doing it for 23 years, so give yourself a little more
> time.
>
> Regards,
> Cliff
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>

--
Sent from my mobile device

Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Block SQL Injection	jacppe	April 20, 2011 01:05PM
Re: Block SQL Injection	SplitIce	April 20, 2011 01:26PM
Re: Block SQL Injection	Cliff Wells	April 20, 2011 04:24PM
Re: Block SQL Injection	Ryan Malayter	April 20, 2011 04:48PM
Re: Block SQL Injection	unclepieman	April 20, 2011 05:10PM
Re: Block SQL Injection	Joe	April 20, 2011 05:24PM
Re: Block SQL Injection	Cliff Wells	April 20, 2011 06:12PM
Re: Block SQL Injection	unclepieman	April 20, 2011 08:46PM
Re: Block SQL Injection	Cliff Wells	April 20, 2011 09:38PM
Re: Block SQL Injection	unclepieman	April 20, 2011 11:10PM
Re: Block SQL Injection	Cliff Wells	April 20, 2011 11:32PM
Re: Block SQL Injection	edogawaconan	April 20, 2011 11:42PM
Re: Block SQL Injection	Cliff Wells	April 21, 2011 12:00AM
Re: Block SQL Injection	António P. P. Almeida	April 20, 2011 05:44PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 302

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018