Very important security lesson for generalist web devs: code execution on any box means you lose *everything.* https://twitter.com/tqbf/status/635891512413327361
Replying to @patio11
"How do I protect my database if my webapp is compromised?" You don't. You lose the database.
Replying to @patio11
"What's the harm of someone popping an internal analytics tool?" Is it on the network with production machines? You lost everything in prod.
Replying to @patio11
"We're totally patched on all software we use." Did you forget about one intern's pet project from two years ago on EC2? Same network? Lose.
Replying to @patio11
"So OK I agree with that theoretically but does it actually matter?" Asked guy on top of HN, wondering why he was hosting botnet in ~Jan14.
Replying to @jscottmiller
@patio11 Not trying to be pedantic, but we could do a better job educating people about ways to mitigate. Network isolation, ACLs, etc.
Replying to @jscottmiller
@patio11 *considers how much time a 6 week node programming bootcamp is going to dedicate to security* ... never mind, we're totally fucked.
@jscottmiller If you think e.g. banks with $$$ and teams of expert security staff get this right, buy @tqbf or @bobotjones beer.
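The thread's point (a flat network means any popped box, including a forgotten intern instance, reaches production) and the mitigation @jscottmiller names (network isolation, ACLs) can be made concrete with a small blast-radius check. The following is an added example, not code from anyone in the thread; the hostnames, addresses and rules are constructed for illustration, and the evaluator is a simplified first-match model of how a firewall or cloud security group processes rules.

```python
"""Blast-radius check over a constructed network ACL model (added example).

Given a rule set and a target (the production database), list every host
that could reach it if compromised. On the flat rule set every box counts;
on the segmented rule set only the web application does.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # destination port; 0 means any port
    allow: bool   # True = allow, False = deny


# Constructed inventory: addresses are illustrative, not real infrastructure.
HOSTS = {
    "webapp": "10.0.1.10",
    "analytics": "10.0.1.20",     # the "internal analytics tool"
    "intern-ec2": "10.0.1.99",    # the intern's two-year-old pet project
    "prod-db": "10.0.2.5",
}

# Weak setting: one rule, everything in the private range talks to everything.
FLAT = [Rule("10.0.0.0/8", "10.0.0.0/8", 0, True)]

# Corrected setting: only the web app reaches the database, only on its port,
# and everything else is denied by an explicit final rule.
SEGMENTED = [
    Rule("10.0.1.10/32", "10.0.2.5/32", 5432, True),
    Rule("10.0.0.0/8", "10.0.0.0/8", 0, False),
]


def allowed(rules, src_ip, dst_ip, port):
    """First matching rule decides; no match means deny (assumed default-deny)."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in rules:
        if (src in ip_network(rule.src)
                and dst in ip_network(rule.dst)
                and rule.port in (0, port)):
            return rule.allow
    return False


def blast_radius(rules, target="prod-db", port=5432, hosts=HOSTS):
    """Return the set of hosts whose compromise reaches `target` on `port`."""
    target_ip = hosts[target]
    return {
        name for name, ip in hosts.items()
        if name != target and allowed(rules, ip, target_ip, port)
    }


if __name__ == "__main__":
    print("flat network:", sorted(blast_radius(FLAT)))
    print("segmented   :", sorted(blast_radius(SEGMENTED)))
```

The segmented rule set does not rescue you from the thread's first point: if the web app itself is popped, the database is still gone, because the web app legitimately needs that path. What isolation buys is that the analytics box and the intern's instance stop being equivalent to the web app, so one of them being compromised is no longer a production incident by construction. Run the same check against your real security groups or firewall export before assuming that holds.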