C.<p>Guide to Interpreting Security Incident <a href="https://mindly.social/tags/Announcements" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Announcements</span></a>:</p><p>"extremely sophisticated attack" : The attackers put more time into the attack than we spent designing our defences.</p><p>"no evidence customer <a href="https://mindly.social/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> was accessed" : We lack audit records and the logs have been rotated out.</p><p>"due to a misconfiguration issue" : We deployed with default <a href="https://mindly.social/tags/insecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>insecure</span></a> settings.</p><p>"possible for only a short window" : We didn't dig too deep to determine how far back the bug existed.</p><p>"crafted invalid request data" : We forgot to add input <a href="https://mindly.social/tags/validation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>validation</span></a>.</p><p>"supplementary fix" : We didn't understand the problem as well as we thought, so our previous fix was insufficient.</p><p>"may have been exploited" : We're positive they got away with data, but they deleted our <a href="https://mindly.social/tags/logs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logs</span></a>.</p><p>"multiple threat actors" : Everyone was in our systems before we noticed.</p><p>"most customers are unaffected" : There are corner cases that aren't as <a href="https://mindly.social/tags/vulnerable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerable</span></a>.</p><p>"error in a third-party component" : We forgot to update our dependencies.</p><p>"could lead to remote code execution" : You're <a href="https://mindly.social/tags/p0wned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p0wned</span></a>.</p><p>"malicious activity has been observed" : The issue has already appeared in the press.</p><p>"review equipment inventory to verify if devices require other mitigations" : You need to buy new stuff.</p><p>"remotely exploited to allow authentication bypass" : We forgot to require <a href="https://mindly.social/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>login</span></a> for this function.</p><p>"not aware of any exploits in the wild" : The attackers aren't bragging on darkweb fora yet.</p><p><a href="https://mindly.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mindly.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mindly.social/tags/incident" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incident</span></a> <a href="https://mindly.social/tags/obsolete" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>obsolete</span></a> <a href="https://mindly.social/tags/vendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vendor</span></a> <a href="https://mindly.social/tags/system" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>system</span></a> <a href="https://mindly.social/tags/configuration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>configuration</span></a></p>
Recent searches
No recent searches
Search options
Not available on mastodon.xyz.
mastodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance, open to everyone, but mainly English and French speaking.
Administered by:
Server stats:
820active users
mastodon.xyz: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#P0WNED
0 posts · 0 participants · 0 posts today
Albert Cardona<p>Of the top 20 "404"s of my personal website, 18 are for WordPress pages. My blog is entirely static, i.e., these failed requests are attempts at hacking. The other two are for ".git" and for ".env".</p><p>Be careful out there. If you use WordPress at all, the likelihood you've let something open is high; lots of surface of attack. Read the manual.</p><p><a href="https://mathstodon.xyz/tags/WebMaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebMaster</span></a> <a href="https://mathstodon.xyz/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://mathstodon.xyz/tags/p0wned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p0wned</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload