Archived excerpt of a thread on 未名空间 (mitbbs)
Programming board - How do you lock a table while an unauthorized person is copying it?
a*f
Posts: 1790
1
The content is as follows:
"What happened?
*** application servers run using Amazon Web Services. The configuration is vast, consisting of thousands of servers. One of these was an old prototype machine, which was the target of the breach.
The machine had been running since before 2012, and was not in active use. It was penetrated using the shellshock vulnerability, and since it was no longer in active use, it did not have the appropriate patch installed.
The old prototype machine had our AWS API access key and secret key. Once the hacker gained access to the keys, he created an IAM user, and generated a key-pair. He was then able to run an instance inside our AWS account using these credentials, and mount one of our backup disks. This backup was of one of our component services, used for the production environment, and contained a config file with our database password. He also whitelisted his IP on our database security group, which is the AWS firewall.
He began to copy one of our tables, which contained partial user information, including email IDs, hashed passwords, and last tested URL. His copy operation locked the database table, which raised alerts on our monitoring system. On receiving the alerts, we checked the logs, saw an unrecognized IP, and blocked it right away. In that time, the hacker had been able to retrieve only a portion of the data. Finally, using this data and the SES credentials, he was able to ..."
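The write-up quoted above describes a chain of AWS control-plane calls (a stolen long-lived key creates a new IAM user and key pair, the new user launches an instance, attaches a backup volume and opens the database security group to an outside IP). Every step of that chain is a CloudTrail event, so it can be caught before the database copy starts. The script below is an added example written for this page, not code from the post or from the breached company. The records are constructed: they use CloudTrail's field names (eventName, userIdentity, sourceIPAddress, requestParameters) but every value is made up, and KNOWN_EGRESS_IPS is an assumed allowlist of the organisation's own public addresses.

```python
"""Flag the IAM/EC2 event chain from the quoted write-up in CloudTrail-shaped records.

Added example.  SAMPLE_EVENTS is CONSTRUCTED: CloudTrail field names, made-up
values (TEST-NET addresses, fake key IDs).  KNOWN_EGRESS_IPS is an assumption.
"""

KNOWN_EGRESS_IPS = {"203.0.113.10"}   # assumption: the org's own office/CI egress IP

# IAM and EC2 API calls that appear in the described attack chain
WATCHED_EVENTS = {"CreateUser", "CreateAccessKey", "RunInstances",
                  "AttachVolume", "AuthorizeSecurityGroupIngress"}

OLD_KEY = {"type": "IAMUser", "userName": "deploy",
           "accessKeyId": "AKIAOLDPROTOTYPEKEY0"}   # constructed: key left on the old host
NEW_KEY = {"type": "IAMUser", "userName": "backup-svc",
           "accessKeyId": "AKIAATTACKERSNEWKEY1"}   # constructed: key the attacker minted

SAMPLE_EVENTS = [  # constructed sample, in the order the write-up describes
    {"eventTime": "2014-11-09T10:01:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.10", "userIdentity": OLD_KEY,
     "requestParameters": {}},
    {"eventTime": "2014-11-09T10:05:00Z", "eventName": "CreateUser",
     "sourceIPAddress": "198.51.100.7", "userIdentity": OLD_KEY,
     "requestParameters": {"userName": "backup-svc"}},
    {"eventTime": "2014-11-09T10:05:30Z", "eventName": "CreateAccessKey",
     "sourceIPAddress": "198.51.100.7", "userIdentity": OLD_KEY,
     "requestParameters": {"userName": "backup-svc"}},
    {"eventTime": "2014-11-09T10:10:00Z", "eventName": "RunInstances",
     "sourceIPAddress": "198.51.100.7", "userIdentity": NEW_KEY,
     "requestParameters": {}},
    {"eventTime": "2014-11-09T10:12:00Z", "eventName": "AttachVolume",
     "sourceIPAddress": "198.51.100.7", "userIdentity": NEW_KEY,
     "requestParameters": {"volumeId": "vol-0backup0000000001"}},
    {"eventTime": "2014-11-09T10:15:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "sourceIPAddress": "198.51.100.7", "userIdentity": NEW_KEY,
     "requestParameters": {"groupId": "sg-0db00000000000001",
                           "ipPermissions": {"items": [{
                               "ipProtocol": "tcp", "fromPort": 3306, "toPort": 3306,
                               "ipRanges": {"items": [{"cidrIp": "198.51.100.7/32"}]}}]}}},
]


def ingress_cidrs(params):
    """Return the CIDR ranges an AuthorizeSecurityGroupIngress call admits."""
    cidrs = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        for rng in perm.get("ipRanges", {}).get("items", []):
            if "cidrIp" in rng:
                cidrs.append(rng["cidrIp"])
    return cidrs


def analyse(events, known_ips=KNOWN_EGRESS_IPS):
    """Walk events in time order; return a list of (eventName, actor, reason).

    Rules: (1) IAM user/key creation from an IP outside the allowlist,
    (2) any watched call made by a user created earlier in the same window,
    (3) a security-group rule admitting a CIDR outside the allowlist.
    """
    findings = []
    created_users = set()
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        name = ev["eventName"]
        if name not in WATCHED_EVENTS:
            continue
        actor = ev["userIdentity"].get("userName", ev["userIdentity"]["type"])
        src = ev["sourceIPAddress"]
        params = ev.get("requestParameters") or {}

        if name in ("CreateUser", "CreateAccessKey"):
            target = params.get("userName")
            created_users.add(target)          # remember the new principal
            if src not in known_ips:
                findings.append((name, actor,
                                 f"credential change for {target} from unknown IP {src}"))
        if actor in created_users:
            findings.append((name, actor, f"call by freshly created user from {src}"))
        if name == "AuthorizeSecurityGroupIngress":
            for cidr in ingress_cidrs(params):
                if cidr.split("/")[0] not in known_ips:
                    findings.append((name, actor, f"{params.get('groupId')} opened to {cidr}"))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

Against the constructed sample, every step after the initial DescribeInstances is flagged: the two IAM calls because they come from an unlisted IP, the three EC2 calls because a user minted minutes earlier is making them, and the ingress rule once more because it admits an outside address. The same rules are what an organisation would have needed to notice the chain before the attacker ever reached the table; the table lock that actually raised the alarm is discussed in the replies below.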
a9
Posts: 21638
2
I think you could set it so that a read that fetches too many records at once is not allowed?
Especially for a user table like this, normally only one row is read.
But the database doesn't seem to support that kind of setting.


[Quoting a*f's post]
: The content is as follows:
: "What happened?
: *** application servers run using Amazon Web Services. The configuration is
: vast, consisting of thousands of servers. One of these was an old prototype
: machine, which was the target of the breach.
: The machine had been running since before 2012, and was not in active use.
: It was penetrated using the shellshock vulnerability, and since it was no
: longer in active use, it did not have the appropriate patch installed.
: The old prototype machine had our AWS API access key and secret key. Once
: the hacker gained access to the keys, he created an IAM user, and generated

g*****g
Posts: 34805
3
It depends on the isolation level: `select *` locks the table so that writes cannot proceed at the same time. If it's a large table, that makes the application-to-database latency very long and triggers the alert. This is not a way to defend against hackers; it's purely that the thief made too much noise.


[Quoting a*f's post]
: The content is as follows:
: "What happened?
: *** application servers run using Amazon Web Services. The configuration is
: vast, consisting of thousands of servers. One of these was an old prototype
: machine, which was the target of the breach.
: The machine had been running since before 2012, and was not in active use.
: It was penetrated using the shellshock vulnerability, and since it was no
: longer in active use, it did not have the appropriate patch installed.
: The old prototype machine had our AWS API access key and secret key. Once
: the hacker gained access to the keys, he created an IAM user, and generated

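The two replies above make complementary points: a9 wants the database to refuse a single read that returns too many rows (and notes the database itself offers no such setting), while g*****g observes that the alert in the write-up fired only because a full-table `select *` held locks long enough to show up as latency. Both can be turned into a log-side detection that does not depend on the thief being noisy. The script below is an added example written for this page, not code from either poster. The query-log format is constructed (one statement per line with host, user, row count, elapsed milliseconds and the SQL); LINE_RE would have to be adapted to what a real general or slow query log emits, and SENSITIVE_TABLES, APP_HOSTS and the two thresholds are assumptions standing in for a deployment's own values.

```python
"""Flag bulk or out-of-place reads of a sensitive table in a database query log.

Added example.  The log format, table names, host allowlist and thresholds are
all CONSTRUCTED/ASSUMED; the third sample line has the shape of the copy the
thread describes (whole table, huge row count, long-running, foreign source).
"""
import re

SENSITIVE_TABLES = {"users"}              # assumption: tables holding credentials
APP_HOSTS = {"10.0.1.21", "10.0.1.22"}    # assumption: only hosts allowed to read them
ROW_LIMIT = 1000                          # assumption: no single request needs more rows
SLOW_MS = 10_000                          # assumption: reads this long hold locks long enough to hurt

SAMPLE_LOG = """\
2014-11-09T10:20:01Z host=10.0.1.21 user=app rows=1 ms=3 sql=SELECT email, pw_hash FROM users WHERE id = 4821
2014-11-09T10:20:02Z host=10.0.1.22 user=app rows=20 ms=5 sql=SELECT id, url FROM tests WHERE user_id = 4821 LIMIT 20
2014-11-09T10:21:00Z host=198.51.100.7 user=app rows=412000 ms=38000 sql=SELECT * FROM users
2014-11-09T10:21:05Z host=10.0.1.21 user=app rows=0 ms=1200 sql=UPDATE users SET last_login = NOW() WHERE id = 77
"""  # constructed sample log

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"rows=(?P<rows>\d+) ms=(?P<ms>\d+) sql=(?P<sql>.+)$")
# table names following FROM / JOIN / UPDATE / INTO, with optional backticks
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|UPDATE|INTO)\s+`?(\w+)`?", re.IGNORECASE)


def parse_log(text):
    """Turn log lines into dicts with numeric rows/ms; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["rows"] = int(entry["rows"])
            entry["ms"] = int(entry["ms"])
            entries.append(entry)
    return entries


def tables_in(sql):
    """Lower-cased set of table names the statement touches."""
    return {t.lower() for t in TABLE_RE.findall(sql)}


def is_full_table_select(sql):
    """A SELECT with neither WHERE nor LIMIT reads (and, under a locking
    isolation level, locks) the whole table."""
    s = sql.strip().upper()
    return s.startswith("SELECT") and " WHERE " not in s and " LIMIT " not in s


def analyse(entries):
    """Return one (host, sql, reasons) finding per suspicious statement on a
    sensitive table.  Reasons combine the thread's ideas: the reader is not an
    application server, the SELECT is unbounded or returns too many rows, and
    it ran long enough to hold locks and surface as latency."""
    findings = []
    for e in entries:
        if not tables_in(e["sql"]) & SENSITIVE_TABLES:
            continue
        reasons = []
        if e["host"] not in APP_HOSTS:
            reasons.append(f"source {e['host']} is not an application server")
        if is_full_table_select(e["sql"]):
            reasons.append("unbounded SELECT (no WHERE/LIMIT)")
        if e["rows"] > ROW_LIMIT:
            reasons.append(f"{e['rows']} rows returned (> {ROW_LIMIT})")
        if e["ms"] > SLOW_MS:
            reasons.append(f"ran {e['ms']} ms (long-held read locks)")
        if reasons:
            findings.append((e["host"], e["sql"], reasons))
    return findings


if __name__ == "__main__":
    for host, sql, reasons in analyse(parse_log(SAMPLE_LOG)):
        print(f"{host}: {sql}")
        for r in reasons:
            print("   -", r)
```

Only the third line is flagged, on all four counts; the per-row lookups from the application servers and the single-row UPDATE pass. The source-host check is the one that matters most: a patient attacker can page through the table with small LIMIT batches and never trip the row or latency rules, which is g*****g's point that the lock was noise rather than a defence, but he still has to read from an address that is not an application server.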
w**z
Posts: 8232
4
I also think that's what it means.

[Quoting g*****g's post]
: It depends on the isolation level: `select *` locks the table so that writes cannot proceed at the same time. If it's a large table, that makes the application-to-database latency very long and triggers the alert. This is not a way to defend against hackers; it's purely that the thief made too much noise.

a*f
Posts: 1790
5
It happened the day before yesterday. Nobody knows how many access keys and secret keys the thief took from that server this time, or how many applications are still in the dark. From now on, SELECTs on key tables will have to carry authentication.

[Quoting g*****g's post]
: It depends on the isolation level: `select *` locks the table so that writes cannot proceed at the same time. If it's a large table, that makes the application-to-database latency very long and triggers the alert. This is not a way to defend against hackers; it's purely that the thief made too much noise.
