Hacker News new | past | comments | ask | show | jobs | submit login

Yes. You can't use force or coercion to rob a server of data, all you can do is ask nicely (or repeatedly).

In a just world, we would let full responsibility lie with those who deployed the machines without understanding the consequences of, e.g., no login failure rate limiting.




an exploit is asking nicely, all I did was GET /????\n\n\n\nfjasdfuisdjflkwenuadfnwerAAJLKJFIEFSEIFJSDLFKJERIWERRISLDKJLDKJF and then I connected to a shell on port 8118? I mean, it just answered the request ...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: