Some of Our Sources
- TutsPlus - Code
- Just Creative
- The Logo Smith
- Abduzeedo
- You The Designer
- My Ink Blog
- 24 Ways
- Design Modo
- Android Headlines
- Daily Now
Help Webnuz
Referal links:
March 25, 2018 01:34 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/--Zdfz9W_YM/shodan-search-exposes-thousands-of-servers-hosting-passwords-and-keys
Shodan Search Exposes Thousands of Servers Hosting Passwords and Keys
Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes:Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc. etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures. Another security research independently verified the results, and reported that one MySQL database had the root password "1234".Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/--Zdfz9W_YM/shodan-search-exposes-thousands-of-servers-hosting-passwords-and-keys
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot