|
|
|
|
|
|
by emteycz
1493 days ago
|
|
|
They're not attacking the sites, they're attacking the users. Incentives are exactly the same with readonly sites. I'm a web programmer and I have no idea how the law enforcement could in any way help. Nor do I want them to. The idea that I have to cooperate with law enforcement to put a site online is absurd. See "Tech support scams" on YouTube to see what's being done today. We're talking about billion-dollar crime organizations. |
|
|
You're updating the firmware on a server. The firmware is signed, so the attacker cannot outright put their own firmware on your system. The version you're using currently is secure, and the version you want to go to is secure, but there are versions in between that are insecure. All an attacker needs to do is modify the DNS and http stream to feed the firmware with an RCE to you, and then they can directly take over your server.