Frackin script kiddies!!

David Kramer david-8uUts6sDVDvs2Lz0fTdYFQ at public.gmane.org
Tue Aug 3 00:46:51 EDT 2010


Jarod Wilson wrote:
> On Mon, Aug 2, 2010 at 11:55 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>> Wrapping HTTP in SSL offers no protection to your server.  None.  Zilch.  Nada.  It protects the end to end traffic.  An attacker still has access to your authentication mechanism and can just as easily launch a brute force or exploit attack against it as he could if the traffic were clear instead of encrypted.
> 
> They can launch the same brute force attack and/or go for exploits
> against ssh. Or an ipsec vpn. Or anything public-facing. But
> seriously, who is going to expend the effort brute-force attacking my
> mythtv box to delete some recordings?

Who would expend ANY effort attacking my machine and deleting the
recordings?  Apparently several people.  What did they gain?  They got
to show off their super-duper mad skills (i.e. running a script they
found on the internet) to cause someone else pain.

Keep in mind it's the computer doing the brute forcing, not the person.
 It's no skin off of their back if it takes their script a few minutes
or  hours to do it.  They can be out tripping old ladies or selling
drugs while my machine is decimated.






More information about the Discuss mailing list