It's like you've never heard of SQL injection, can't imagine an indirect attack could be possible.
We weren't talking about that, we were talking about having databases accessible to the public. I'm fully asware there are other attack vectors, but having your DB on a public port/machine is up there with using "p@ssword" as your password.
When we got rid of DBAs (developers know how to use databases yeah? why do we need people who can only do one thing really well?) we lost a lot of knowledge and culture - including the basic tenet that you simply do not expose business-critical database systems to the outside world.
To be fair, it's not a hard thing to check for. Just run a portscan. If you can see the database from a different box, you fucked up and need to fix it.
> the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Glad to see there's still some people doing it for the lulz.
Still stupid.
I have seperate passwords for all the sites/devices I own. The trick to remembering them is to have a system - so if you forget it you can work out what the system is depending on the site.
Don't do something stupid like have the website name as the password though, obviously...and I can't tell you my system because then it would be compromised. Have a think though, and I'm sure you could come up with something.
Well let's give it a hundred years and see if their claim is true.
There'll be some red faces if it isn't. Oh wait, there won't everyone involved will be dead.
And that's saying something.
It won't even kill the internet anyway, just a large chunk of it (ie some backbone stuff, not all).
It will be an inconveniance, but life will go on.
God damn it, fucking america.
I know, it's pointless. Really, the data only has to last until it is trqansfered to another medium. Make sure redundant backups are made, and transfer them to new medium regularly, and things should be fine.
If it wasn't, bad. Simple enough. Apart from who decides that...
I would hope in the future to see an option to disable this "feature" on android phones, but I doubt it will happen.
For all the linux users who buy a new box and get the windows tax, that's exactly what it's like, albeit on a smaller scale. Thankfully, I build my own machines.
Slashdot Mirror
Slashdot Becomes World's First iPhone-Exclusive News Site, Offers Year of Shilling (For Free).
It would certainly explain these results.
Trump Making A List Of All The People Trying To Stop The Travel Ban, Vows Swift And Violent Retribution
It's like you've never heard of SQL injection, can't imagine an indirect attack could be possible.
We weren't talking about that, we were talking about having databases accessible to the public. I'm fully asware there are other attack vectors, but having your DB on a public port/machine is up there with using "p@ssword" as your password.
When we got rid of DBAs (developers know how to use databases yeah? why do we need people who can only do one thing really well?) we lost a lot of knowledge and culture - including the basic tenet that you simply do not expose business-critical database systems to the outside world.
To be fair, it's not a hard thing to check for. Just run a portscan. If you can see the database from a different box, you fucked up and need to fix it.
The fact that not all software developers think security is their problem is what is making software worse. Security is EVERYONE'S problem.
> the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet." Glad to see there's still some people doing it for the lulz.
Still stupid. I have seperate passwords for all the sites/devices I own. The trick to remembering them is to have a system - so if you forget it you can work out what the system is depending on the site. Don't do something stupid like have the website name as the password though, obviously...and I can't tell you my system because then it would be compromised. Have a think though, and I'm sure you could come up with something.
I don't understand people who even save passwords, let alone full profiles of themselves.
How soon ye forget.
Just got doxed.
Well let's give it a hundred years and see if their claim is true. There'll be some red faces if it isn't. Oh wait, there won't everyone involved will be dead.
If it's an open source closed box rejigging of it, that's better for humanity. Everyone can improve upon it then.
This innovation sure beats that whole punch card technology.
I'm an Englishman, you asstard. Check your sarcasm detector.
I know. Anyone would think they had invented the internet, or the computer.
And that's saying something. It won't even kill the internet anyway, just a large chunk of it (ie some backbone stuff, not all). It will be an inconveniance, but life will go on. God damn it, fucking america.
This is one of the most original comments I have ever seen. :rolleyes:
I know, it's pointless. Really, the data only has to last until it is trqansfered to another medium. Make sure redundant backups are made, and transfer them to new medium regularly, and things should be fine.
[citation needed] Once the code is run, you can't be totally sure what it will do, unless you compiled it from source.
If it wasn't, bad. Simple enough. Apart from who decides that... I would hope in the future to see an option to disable this "feature" on android phones, but I doubt it will happen.
For all the linux users who buy a new box and get the windows tax, that's exactly what it's like, albeit on a smaller scale. Thankfully, I build my own machines.
Best troll I've seen in a while, well done.
Slashdot/4chan. Anonymous posting is what you want. I realise the irony of posting this regged.
As somebody whose girlfriend recently changed her password, let me say it does have an effect.