Many webapps are installed in an unconfigured state, and you visit the app through the browser to set an admin password. This was always a race against attackers, but in the past you'd usually win. Thanks to CT, attackers learn about and probe new hostnames within minutes. (2/4)
-
-
Prikaži ovu nit
-
Unless you visit the app to configure it right away, attackers will find it, take it over, and use it for malware, phishing, spam, etc. (3/4)
Prikaži ovu nit -
If you're designing a webapp, have the initial admin password be configured out-of-band rather than through the browser. If you know of a webapp that sets the initial admin password through the browser, file a bug, citing the CT Honeypot research. (4/4)
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.