
IMPORTANT! Have you received an email to your forum username?


Comments

  • I got one too. Just deleted it.
  • mr_fishbulb
    mr_fishbulb Posts: 5,224 Forumite
    Part of the Furniture Combo Breaker
    smk77 wrote: »
    So after X years someone bothered to inform Martin the extent of a security issue surrounding a site run in his name? I find that quite surprising that this information hadn't been requested by Martin or conveyed to him earlier!
    Being under attack isn't the same as having security issues. Anyone can be under attack, but only if the attack is successful do they have security issues.
  • daveyjp
    daveyjp Posts: 13,603 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    It went into the Junk folder, it stayed in the junk folder, it was deleted without me even reading it, just like the 15 or 20 I get from 'banks' every day.
  • DrPaul
    DrPaul Posts: 53 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    What's to misunderstand? Are you a some other kind of denier too? DoS overwhelms the servers. Then databases can be plundered.

    Well I've only got a PhD in IT and 30 years experience to go with it, but I've obviously missed out on this technique! :)

    Please explain how a DOS attack that brings a web server to its knees by flooding it with huge numbers of HTTP requests can then allow a database (quite possibly hosted on a separate server) to be "plundered", I would love to know.

    There *is* a serious data security issue here, but it has nothing to do with Denial Of Service attacks and comments like these just muddy the waters.
  • dziga_2
    dziga_2 Posts: 19 Forumite
    I got a reply to my email from MSE this morning (forwarded the email as soon as I got it yesterday evening) and that along with the communication from Martin is much more reassuring. I think people are worried because this is a site that people trust and communication is a good way to maintain or rebuild that. Thanks Martin & team :)
  • mr_fishbulb
    mr_fishbulb Posts: 5,224 Forumite
    Part of the Furniture Combo Breaker
    DrPaul wrote: »
    Please explain how a DOS attack that brings a web server to its knees by flooding it with huge numbers of HTTP requests can then allow a database (quite possibly hosted on a separate server) to be "plundered", I would love to know.
    VictimOfImpersonation may be referring to the recent attack on ACS Law. It was initially under a DoS attack so the site was unavailable. When it came back up it was showing the root directory of their server so everything was for the taking.

    I don't think the DoS caused the root to be exposed though. It could be that their IT team (guy) were trying lots of things with the server to try and get it back up and running. One of the things could be misconfiguring it so the data was exposed when it finally came back online.
  • DrPaul
    DrPaul Posts: 53 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    VictimOfImpersonation may be referring to the recent attack on ACS Law. It was initially under a DoS attack so the site was unavailable. When it came back up it was showing the root directory of their server so everything was for the taking.

    I don't think the DoS caused the root to be exposed though. It could be that their IT team (guy) were trying lots of things with the server to try and get it back up and running. One of the things could be misconfiguring it so the data was exposed when it finally came back online.

    Sounds like someone inadvertently enabled directory browsing on the server - I've used web hosters in the past where that was enabled by default, absolute madness!

    All that DoS does is flood the server as if a million people are trying to access the site at the same time. It effectively takes the site down as either the server hardware can't cope or the network infrastructure can't keep pace but no way should it compromise the contents of the site.

    Anyway this is getting a bit off-topic so I promise to leave the discussion at that. :)
  • I received 2, both to the same email that is used for MSE.
  • Liz3yy
    Liz3yy Posts: 1,301 Forumite
    Part of the Furniture Combo Breaker
    I joined the forum before 2010 and haven't seen any sign of spam messages lately. I do check my spam and regular inbox every day too.
    They have the internet on computers now?! - Homer Simpson

    It's always better to be late in this life, than early in the next
  • MSE_Martin
    MSE_Martin Posts: 8,272 Money Saving Expert
    Part of the Furniture 1,000 Posts Combo Breaker
    smk77 wrote: »
    So after X years someone bothered to inform Martin the extent of a security issue surrounding a site run in his name? I find that quite surprising that this information hadn't been requested by Martin or conveyed to him earlier!

    Dear me,

    Sometimes you can't do right for doing wrong. The point here was I learned of the frequency of attempts (which are very different from an actual breach) not that someone is trying to crack us.

    I don't really need to know the frequency, just that it is an issue and we need to deal with it. My technical team are the professionals on this, not me, and I have little to add apart from overarching policy on it - and deciding whether to invest in making things more secure (and what data we hold)

    We have invested over the last year, including external assessments and consultants as we believe it important. Please don't try and pick holes in every word written - it is quite distracting from the job in hand.

    Martin
    Martin Lewis, Money Saving Expert.
    Please note, answers don't constitute financial advice, it is based on generalised journalistic research. Always ensure any decision is made with regards to your own individual circumstance.
    Don't miss out on urgent MoneySaving, get my weekly e-mail at www.moneysavingexpert.com/tips.
    Debt-Free Wannabee Official Nerd Club: (Honorary) Members number 000
This discussion has been closed.