Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
July 9, 2016 04:00 pm

Researchers Find Over 6,000 Compromised Redis Installations

An anonymous Slashdot reader writes:Security researchers have discovered over 6,000 compromised installations of Redis, the open source in-memory data structure server, among the tens of thousands of Redis servers indexed by Shodan. "By default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user." The researchers also found 106 different Redis versions compromised, suggesting "there are a lot of Redis installations that are not upgrading to the most recent versions to fix any known security issues." 5,892 infections were linked to the same email address, with two more email addresses that were both linked to more than 200. "The key take away from this research for us has been that insecure default installations continue to be a significant issue, even in 2016." Redis "is designed to be accessed by trusted clients inside trusted environments," according to its documentation. "This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket... Redis is not optimized for maximum security but for maximum performance and simplicity."

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UFahhS2H-bU/researchers-find-over-6000-compromised-redis-installations

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot