Hacker News
by
CommanderData
1651 days ago
I had our sec team try and blanket ban base64 strings on our WAF in response to log4shell. I'm talking body, URL, everything.
The reasoning was we probably don't use base64. I was amazed.
2 comments
SgtBastard
1651 days ago
I love that if you brought up that you can’t tell the difference between base64 encoding in URLs and other random alphanumeric strings, your cyber team would then get even more wide-eyed about “ex filtration attacks”.
djupblue
1650 days ago
Please ask them to write a regex that filters out those naughty base64 strings! Yes, "12345678" is a valid base64 string and so is "clueless".
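The false-positive problem raised in the comments above, as an added example that is not part of the thread: a strict RFC 4648 base64 validator run over constructed, benign request tokens. The function names and sample values are hypothetical.

```python
import base64
import binascii
import re

# Standard base64 grammar (RFC 4648): groups of 4 alphabet characters,
# with optional '=' padding on the final group.
B64_RE = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)


def is_valid_base64(token: str) -> bool:
    """True if token is syntactically valid base64 and decodes cleanly."""
    if not token or not B64_RE.fullmatch(token):
        return False
    try:
        base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


# Constructed sample values of the kind that appear in ordinary requests.
BENIGN_TOKENS = [
    "12345678",
    "clueless",
    "checkout",
    "password",
    "deadbeefcafebabe",                  # hex identifier
    "5f2b7c1e9a4d4e0f8b3a6c7d1e2f3a4b",  # UUID without dashes
    "hello",                             # length 5: not valid base64
    "user-name",                         # '-' is outside the standard alphabet
]
ENCODED = base64.b64encode(b"hello world").decode()  # genuinely encoded value


def flagged(tokens):
    """Tokens that a 'block anything that is valid base64' rule would reject."""
    return [t for t in tokens if is_valid_base64(t)]


if __name__ == "__main__":
    for t in BENIGN_TOKENS + [ENCODED]:
        print(f"{t!r:40} blocked={is_valid_base64(t)}")
```

Six of the eight benign tokens are blocked alongside the one value that was actually encoded, so the rule cannot separate encoded data from ordinary alphanumeric input.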