Mailing List Archive
Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
- Date: Wed, 12 Dec 2012 15:23:19 +0900
- From: Darren Cook <darren@example.com>
- Subject: Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
- References: <50C7E317.3080104@dcook.org> <CADsHW+i8BR-iwCizhP8MPq_yG2YeZ-uqDbyvVKfYgrBkyuPRMA@mail.gmail.com> <87k3snzwjv.fsf@uwakimon.sk.tsukuba.ac.jp>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0

> More technically, dynamic websites mostly run on the LAMP
> (Linux/Apache/MySQL/Perl) platform. Presumably they're attacking either the
> MySQL/PostgreSQL database directly (but why is that port exposed to
> the internet?) or there's a hole in the Perl/Python/PHP/Ruby[1]
> database interface (PHP sites especially sometimes put database
> queries in URLs!), or possibly in the ORM/web-framework layer.

It seems strange that it would be any major CMS package, as these SQL exploits have been well known for over a decade now. Open source packages, with any notable following, are tight, as they have had a lot of highly paranoid eyeballs look at the code (or just try to hack it).

> But I would think you'd be something of an expert on this stuff,
> Darren?

Maybe I didn't understand your question? I had no idea what "web content curation" was - I expected they'd say "blog" or "CMS" if that was what they meant. Also, I wondered if all sites were using the same system, or if a known bug was being exploited.

Darren

P.S. I love it when people cleverer than me call me an expert - it means my marketing is working ;-)

--
Darren Cook, Software Researcher/Developer

http://dcook.org/work/ (About me and my work)
http://dcook.org/blogs.html (My blogs and articles)

- References:
  - [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
    - From: Darren Cook
  - Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
    - From: Shmuel Fomberg
  - Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
    - From: Stephen J. Turnbull