Very important security lesson for generalist web devs: code execution on any box means you lose *everything.* https://twitter.com/tqbf/status/635891512413327361
"What's the harm of someone popping an internal analytics tool?" Is it on the network with production machines? You lost everything in prod.
"We're totally patched on all software we use." Did you forget about one intern's pet project from two years ago on EC2? Same network? Lose.
@patio11 Everything on that server, to credentials of server. Which is why defense in depth, avoid the "in the building, must belong" hole.
@patio11 E.g. more places should really be structured such that you can lose the web server without hosing billing.