Security isn’t really glamorous. Generally, you can just ask someone for their password and they will tell you. This takes a little bit of flair if you are blindly calling a company, but it can still work.
More often than not, people will just leave a server exposed on the Internet that has bad credentials. AWS makes this really easy to do with EC2, as an example.
Exotic attacks still happen though. Given that this is an just IPTV service show schedule, my first guess would be a blind SQL injection. That is not really “exotic”. though.
@remotelove@dependencyinjection
Agreed. Such things are usually keeping in a kind of sandbox, so even if you access this list, you cannot go further. From the other hand, properly configuring security on this level usually skipped due to luck of time/money/wishes.
Security isn’t really glamorous. Generally, you can just ask someone for their password and they will tell you. This takes a little bit of flair if you are blindly calling a company, but it can still work.
More often than not, people will just leave a server exposed on the Internet that has bad credentials. AWS makes this really easy to do with EC2, as an example.
Exotic attacks still happen though. Given that this is an just IPTV service show schedule, my first guess would be a blind SQL injection. That is not really “exotic”. though.
@remotelove @dependencyinjection
Agreed. Such things are usually keeping in a kind of sandbox, so even if you access this list, you cannot go further. From the other hand, properly configuring security on this level usually skipped due to luck of time/money/wishes.