undefined | Better HN

0 pointskeepamovin1y ago0 comments

Hah! As if they need ideas. But that's not the point, how possible is it?

Re your comprehensive edit, I totally am on board with that tech choice idea. It's a bet, avoid the fads, pick stuff that's robust (or at least a fit for your possible futures)

0 comments

cookiengineer1y ago

I'd say we have to differentiate between human error as an attack surface and software bugs / vulnerabilities as an attack surface here.

Software-wise I wouldn't know where to start, honestly, because the internet archive as a project is so vast [1] that it's hard to get an architectural overview of how the pieces are glued together. Unifying the tech stack seems to have been no concern at all in its development...

But from a pentesting perspective I'd try to find vulnerabilities in the perl based services first, then Java, then PHP, then NPM and so on... because older projects tend to have a higher likeliness of being unmaintained or using outdated libraries.

[1] (~242 public repositories) https://github.com/orgs/internetarchive/repositories

j / k navigate · click thread line to collapse