Major security alert as 40,000 MongoDB databases left unsecured on the internet
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
Geez...Wouldn't that be common sense for any db admin??!!
H.B.
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
OMG!!! I think common sense is not so common any more..
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
I can't see how that's the fault of MongoDB - all you need is fire some DB admins around the world...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
-
I can't see how that's the fault of MongoDB - all you need is fire some DB admins around the world...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
If they're using Mongo they probably already fired all DB Admins. And that's the root of the problem.
Wrong is evil and must be defeated. - Jeff Ello
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
I remember back in the dark ages a similar story about how many Oracle systems still had scott/tiger enabled with admin rights. It is the same thing with MongoDB, I like Mongo and I use it, but if you are such a numpty as to put your DB on da webs and not tie down access to it then you deserve every piece of data that gets stolen.
veni bibi saltavi
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
Quote:
telecoms database with 8 million customer phone numbers and addresses
I remember when that sort of highly secret information was only available in book form...and was left on your doorstep.
-
Quote:
telecoms database with 8 million customer phone numbers and addresses
I remember when that sort of highly secret information was only available in book form...and was left on your doorstep.
Hilarious!
Wrong is evil and must be defeated. - Jeff Ello
-
Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses
NoSQL? More like NoSecurity, amirite folks?
I'll get my coat.
There's an awesome Defcon talk on this called Massscanning the Internet. Basically if you know the port a particular service runs on, you can use a tool called MasScan to scan the entire internet for it in ten minutes (if your internet is fast enough). Then write a script to loop through each result and try and login with default credentials and bam! Security Alert!
-
I remember back in the dark ages a similar story about how many Oracle systems still had scott/tiger enabled with admin rights. It is the same thing with MongoDB, I like Mongo and I use it, but if you are such a numpty as to put your DB on da webs and not tie down access to it then you deserve every piece of data that gets stolen.
veni bibi saltavi
Sadly though, it is our data which is likely to be stolen.
"If you don't fail at least 90 percent of the time, you're not aiming high enough." Alan Kay.