|
|
|
|
|
|
by Veratyr
3455 days ago
|
|
|
I don't think you quite understand the comment you're replying to. By my reading at least, it's saying "hack" = "heist" and that "heist" is being used somewhere where "robbery" is more appropriate. I agree that if you leave your door unlocked, it's a robbery but it's not a heist. Likewise, if you leave your database publicly accessible, it's extortion through technical means but it's not hacking. > Is misconfiguring MongoDB really that different from e.g. installing a Wordpress plugin with a security flaw and getting hacked via that? Yes. A service that is configured to be publicly accessible is very different to a service that requires active exploitation. Misconfiguring MongoDB is more like making your Wordpress admin page the home page and removing all login requirements. |
|
|