Attention Required! | Cloudflare
htxt.co.za
  • Hours after the US airstrike on Iranian territory, Iranian-backed hackers took down US President Donald Trump’s social media platform.
  • Users were struggling to access Truth Social in the early morning following the alleged hack.
  • As the US continues to insert itself into the ongoing Iran-Israel conflict, the US government believes more cyberattacks could happen.
      • Kazumara@discuss.tchncs.deEnglish
        6·
        4 hours ago

        I’d start with the following, and refine if necessary:

        “Gaining unauthorized access to a protected computer resource by technical means.”

        • Port scanning --> Not hacking because there isn’t any access to resources gained*
        • Using default passwords that weren’t changed --> Not hacking because the resource wasn’t protected*
        • Sending spam --> Not hacking because there isn’t any access to resources gained
        • Beating the admin with a wrench until he tells you the key --> Not hacking because it’s not by technical means.
        • Accessing teacher SSN’s published on the state website in the HTML --> Not hacking because the resource wasn’t protected, and on the contrary was actively published**
        • Distributed denial of service attack --> Not hacking because there isn’t any access to resources gained

        * Those first two actually happened in 2001 here in Switzerland when the WEF visitors list was on a database server with default password, they had to let a guy (David S.) go free
        ** The governor and his idiot troupe eventually stopped their grandstanding and didn’t file charges against Josh Renaud of the St. Louis Post-Dispatch reporter, luckily

      • ObjectivityIncarnate@lemmy.worldEnglish
        3011·
        1 day ago

        Mailing someone more letters than they’re capable of replying to is not equivalent to, nor a component of, gaining access to the inside of their home.

        • theherk@lemmy.worldEnglish
          351·
          1 day ago

          Disabling network security and edge devices to change the properties of ingress can absolutely be a component of an attack plan.

          Just like overwhelming a postal sorting center could prevent a parcel containing updated documentation from reaching the receiver needing that information.

          • Kazumara@discuss.tchncs.deEnglish
            2·
            5 hours ago

            I haven’t heard of a firewall failing open when overwhelmed yet. Usually quite the opposite, a flood disables access to more than just the targeted device, when the state table overflows.

            But maybe there is a different mechanism I’m not aware of. How would the DDoS change the properties of ingress?

            • theherk@lemmy.worldEnglish
              2·
              4 hours ago

              By denying access to resources in a primary region, one might force traffic to an alternate infrastructure with a different configuration. Or maybe by overwhelming hosts that distribute BGP configurations. By denying access to resources, sometimes you can be routed to resources with different security postures or different monitoring and alerting, thus not raising alarms. But these are just contrived examples.

              Compromising devices is a wide field with many different tools and ideas, some of which are a bit off the wall and nearly all unexpected, necessarily.

        • pachrist@lemmy.worldEnglish
          121·
          23 hours ago

          I mean, I know JK Rowling sucks, and it’s been a long time since the first Harry Potter movie came out, but it was definitely a component and precursor to Hagrid beating the shit out of that door.

          • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 🇮 @pawb.socialEnglish
            22·
            21 hours ago

            To be fair, they had moved to an unsecure location that was a much softer target by that point. Can a DDOS force someone to move their services over to the equivalent of a century old, weather-beaten lighthouse in the middle of England?