by dj_mc_merlin 1814 days ago
1. You wouldn't wait for a full build in that scenario, but deploy a known-good last image or emergency shut down.

2. If you are doing a full build and fail because of the regex DoS, then that build would also contain the attacker-injected siphoning code, which would make your entire exercise futile in the first place.

3. Not obviously messing with the network or crashing build machines would be a better way of siphoning data for longer.

4. This is very contrived.