Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security 2018
DOI: 10.1145/3243734.3243794
|View full text |Cite
|
Sign up to set email alerts
|

Investigating System Operators' Perspective on Security Misconfigurations

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

1
56
0

Year Published

2018
2018
2024
2024

Publication Types

Select...
4
3
2

Relationship

2
7

Authors

Journals

citations
Cited by 71 publications
(57 citation statements)
references
References 36 publications
1
56
0
Order By: Relevance
“…We also posted ads on online communities like Reddit. Dietrich et al showed online chatrooms and forums are useful for recruiting security professionals, since participants are reached in a more natural setting where they are more likely to be receptive [70].…”
Section: Recruitment and Participantsmentioning
confidence: 99%
“…We also posted ads on online communities like Reddit. Dietrich et al showed online chatrooms and forums are useful for recruiting security professionals, since participants are reached in a more natural setting where they are more likely to be receptive [70].…”
Section: Recruitment and Participantsmentioning
confidence: 99%
“…Concerning the certificate themselves, RFC 4398 proposed a specific CERT RR to store certificates, but to our knowledge the effort has been abandoned, and the small number of certificates we observe does not indicate that TXT is commonly used for this purpose. While publishing certificates via TXT records is not a security risk in itself, the fact that we found private keys accompanying requests still suggests securityrelevant configuration mistakes [24] are being made.…”
Section: Mistakes With a Security Implicationmentioning
confidence: 89%
“…Finally, we note that the remaining 99.54% of the TXT records might not necessarily be secure. Our regular expressions explicitly accommodate for typos which we commonly see in the data ('sfp' instead of 'spf', for example), a common issue in IT operations [24]. The consequence of these human errors might be severe, since they might lead to a false sense of security or, e.g., broken email delivery.…”
Section: Discussionmentioning
confidence: 99%
“…Related work has extensively studied how and why attackers compromise websites through the exploitation of software vulnerabilities [16,18], misconfigurations [23], inclusion of third-party scripts [48], and advertisements [75]. Traditionally, the attackers' goals ranged from website defacements [17,42], over enlisting the website's visitors into distributed denial-of-service (DDoS) attacks [53], to the installation of exploit kits for drive-by download attacks [30,55,56], which infect visitors with malicious executables.…”
Section: Related Workmentioning
confidence: 99%