Re: [Chat] This is more than just a one-character typo...
※ Quoting TonyQ (Silence is golden.):
: Today's hottest source code on GitHub XD
: https://github.com/MrMEEE/bumblebee/commit/a047be85247755cdbe0acce6#diff-1
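This reminds me of six or seven years ago, when the system on a bank's Solaris transaction host suddenly went down completely.
A check gave everyone a scare: all of /etc/, /home/, /usr/, ... had been wiped out.
Naturally, the first suspicion was a hacker intrusion.
They brought in my team lead at the time, who restored the entire hard disk and spent 3 days tracing it.
The cause turned out to be quite interesting.
The logic of the transaction system they were using went roughly like this: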
USER LOGIN
mkdir -p /var/tmp/directory/$user
if [check_login]
do_some_work
UNTIL USER LOGOUT
fi
rm -rf /var/tmp/$user
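Then, for the sake of information security,
that year the bank hired an accounting firm to run a vulnerability scan.
The vulnerability scanner, as a matter of course, started trying to log in with "../../../home/", "../../../etc/" ....
And so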
...
--
※ Posted from: PTT (ptt.cc)
◆ From: 111.80.17.95
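
An added example, not part of the original post: one way the per-login scratch directory logic described above could be written so that a login name such as "../../../etc/" or an empty string never reaches rm -rf. The names SESSION_BASE, safe_session_dir, open_session and cleanup_session, the base path and the 32-character limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example with hypothetical names; not the bank system's code.
# Base directory that holds one scratch directory per login (assumed path).
SESSION_BASE="${SESSION_BASE:-/var/tmp/sessions}"

# Print the scratch directory for a login name, or fail if the name could
# resolve outside SESSION_BASE. Allowlist: letters, digits, '_', '-', '.',
# 1 to 32 characters, not starting with '.' or '-'. This rejects "", "..",
# anything containing '/', and names that would be parsed as options.
safe_session_dir() {
    name=$1
    case $name in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#name}" -le 32 ] || return 1
    printf '%s/%s\n' "$SESSION_BASE" "$name"
}

# Create the scratch directory only after the name has been validated.
open_session() {
    dir=$(safe_session_dir "$1") || return 1
    mkdir -p -- "$dir"
}

# Remove the scratch directory. The unvalidated login name is never
# interpolated into the rm command line.
cleanup_session() {
    dir=$(safe_session_dir "$1") || {
        echo "refusing to clean up for unsafe login name" >&2
        return 1
    }
    # Second layer: refuse a symlink planted under SESSION_BASE.
    if [ -L "$dir" ]; then
        echo "refusing to follow symlink: $dir" >&2
        return 1
    fi
    # Nothing to do if the directory was never created.
    [ -d "$dir" ] || return 0
    rm -rf -- "$dir"
}
```

The validation runs before the login check result is known, so a failed login with a hostile name is rejected at the same point as a successful one.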