my tweets are severely limited by my lack of understanding of what I am doing.
To comply with the Fair and Accurate Credit Transactions Act a shared web app was set up, but it went unpatched.
Pokaż ten wątek
I buried this in a reply to Krebs, but: the 3 major US credit agencies have been running an unpatched, exploitable Apache Struts install.https://twitter.com/gossithedog/status/907376247046631424 …
-
-
-
Somebody posted public screenshots here of it getting exploited in March (when vuln was already old), wasn't fixed: http://xss.cx/2017/03/12/txt/cve-2017-5638-annualcreditreportcom-exploit-poc-content-type-http-header-example.html …pic.twitter.com/osiwyH95xn
Pokaż ten wątek -
I may write this up. The site is hosted by CGI for the three agencies but the security has question marks.
Pokaż ten wątek
Koniec rozmowy
Nowa rozmowa -
Wydaje się, że ładowanie zajmuje dużo czasu.
Twitter jest przeciążony lub wystąpił chwilowy problem. Spróbuj ponownie lub sprawdź status Twittera, aby uzyskać więcej informacji.